Vulnerability Details CVE-2006-3048
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/20648
- http://secunia.com/advisories/20850
- http://securityreason.com/securityalert/1102
- http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml
- http://www.securityfocus.com/archive/1/437017/100/0/threaded
- http://www.securityfocus.com/bid/18421
- http://www.vupen.com/english/advisories/2006/2349
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27146
- http://secunia.com/advisories/20648
- http://secunia.com/advisories/20850
- http://securityreason.com/securityalert/1102
- http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml
- http://www.securityfocus.com/archive/1/437017/100/0/threaded
- http://www.securityfocus.com/bid/18421
- http://www.vupen.com/english/advisories/2006/2349
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27146
Products affected by CVE-2006-3048
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.6.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.8.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3.1