CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-3886

SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/1284
http://www.securityfocus.com/archive/1/441000/100/0/threaded
http://www.securityfocus.com/bid/19129
https://exchange.xforce.ibmcloud.com/vulnerabilities/27926
http://securityreason.com/securityalert/1284
http://www.securityfocus.com/archive/1/441000/100/0/threaded
http://www.securityfocus.com/bid/19129
https://exchange.xforce.ibmcloud.com/vulnerabilities/27926

Products affected by CVE-2006-3886

Musicbox » Musicbox » Version: 2.3

cpe:2.3:a:musicbox:musicbox:2.3
Musicbox » Musicbox » Version: 2.3.3

cpe:2.3:a:musicbox:musicbox:2.3.3
Musicbox » Musicbox » Version: 2.3.4

cpe:2.3:a:musicbox:musicbox:2.3.4
Musicbox » Musicbox » Version: 2.3_beta_2

cpe:2.3:a:musicbox:musicbox:2.3_beta_2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3886

Products

Pricing

Contact Us