Vulnerability Details CVE-2006-6754
Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://acid-root.new.fr/poc/16061221.txt
- http://secunia.com/advisories/23453
- http://securityreason.com/securityalert/2073
- http://www.securityfocus.com/archive/1/455084/100/0/threaded
- http://www.securityfocus.com/bid/21710
- http://www.vupen.com/english/advisories/2006/5133
- http://acid-root.new.fr/poc/16061221.txt
- http://secunia.com/advisories/23453
- http://securityreason.com/securityalert/2073
- http://www.securityfocus.com/archive/1/455084/100/0/threaded
- http://www.securityfocus.com/bid/21710
- http://www.vupen.com/english/advisories/2006/5133
Products affected by CVE-2006-6754
-
cpe:2.3:a:ixprim:ixprim_cms:1.2