Vulnerability Details CVE-2006-4041
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://pike.ida.liu.se/download/notes/7.6.86.xml
- http://secunia.com/advisories/20494
- http://secunia.com/advisories/21362
- http://secunia.com/advisories/22481
- http://security.gentoo.org/glsa/glsa-200608-10.xml
- http://www.securityfocus.com/bid/19367
- http://www.ubuntu.com/usn/usn-367-1
- http://www.vupen.com/english/advisories/2006/2209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26992
- http://pike.ida.liu.se/download/notes/7.6.86.xml
- http://secunia.com/advisories/20494
- http://secunia.com/advisories/21362
- http://secunia.com/advisories/22481
- http://security.gentoo.org/glsa/glsa-200608-10.xml
- http://www.securityfocus.com/bid/19367
- http://www.ubuntu.com/usn/usn-367-1
- http://www.vupen.com/english/advisories/2006/2209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26992
Products affected by CVE-2006-4041
-
cpe:2.3:a:pike:pike:*
-
cpe:2.3:a:pike:pike:0.4_pl8
-
cpe:2.3:a:pike:pike:0.5
-
cpe:2.3:a:pike:pike:0.6
-
cpe:2.3:a:pike:pike:7.0
-
cpe:2.3:a:pike:pike:7.2
-
cpe:2.3:a:pike:pike:7.4
-
cpe:2.3:a:pike:pike:7.4.327
-
cpe:2.3:a:pike:pike:7.4.328
-
cpe:2.3:a:pike:pike:7.6
-
cpe:2.3:a:pike:pike:7.6.36