Vulnerability Details CVE-2006-2835
SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/1047
- http://www.securityfocus.com/archive/1/435202/100/0/threaded
- http://www.securityfocus.com/archive/1/440120
- http://www.securityfocus.com/archive/1/472798/100/0/threaded
- http://www.securityfocus.com/bid/18117
- http://www.securityfocus.com/bid/18934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26757
- http://securityreason.com/securityalert/1047
- http://www.securityfocus.com/archive/1/435202/100/0/threaded
- http://www.securityfocus.com/archive/1/440120
- http://www.securityfocus.com/archive/1/472798/100/0/threaded
- http://www.securityfocus.com/bid/18117
- http://www.securityfocus.com/bid/18934
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26757
Products affected by CVE-2006-2835
-
cpe:2.3:a:arabless:saphplesson:2.0