CVE-2006-2320

Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20035
http://securityreason.com/securityalert/871
http://www.idealscience.com/ibb/posts.aspx?postID=24415
http://www.osvdb.org/25457
http://www.securityfocus.com/archive/1/433248/100/0/threaded
http://www.securityfocus.com/bid/17920
http://www.vupen.com/english/advisories/2006/1729
https://exchange.xforce.ibmcloud.com/vulnerabilities/26354

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2a:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2b:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.2c:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3a:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.3b:::::::*
	cpe:2.3:a:ideal_science:idealbb:1.5.4a:::::::*

History

No history.

Information

Published : 2006-05-12 00:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-2320

Mitre link : CVE-2006-2320

CVE.ORG link : CVE-2006-2320

JSON object : View

Products Affected

ideal_science

idealbb

CWE

NVD-CWE-Other

{"id": "CVE-2006-2320", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-05-12T00:02:00.000", "references": [{"url": "http://secunia.com/advisories/20035", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/871", "source": "cve@mitre.org"}, {"url": "http://www.idealscience.com/ibb/posts.aspx?postID=24415", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25457", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/433248/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17920", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1729", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26354", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209."}], "lastModified": "2018-10-18T16:39:17.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3127A3FA-3110-4901-98A3-90B81BBB3FC0"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F20DAF53-53FE-4FF7-86C9-A7F525E04F08"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD493BE-1ACF-4107-AE8C-CBDC1AC0546E"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC6DE5D-23E4-41B3-8E31-067ABAF27FF4"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E6FEDD6-2445-480A-83FB-CC2F5FB512DF"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C016844-21F0-40C6-B8A5-9CDA91859928"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D86C38C-AA64-47EB-9142-660C3545C07B"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71B7637B-EB4A-4E08-BAF8-812F4AD3A358"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5FA07AC-9D80-4B48-B42A-C4EC14F2F4CA"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.2c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F0EA2D0-8DA2-4740-B092-502C4A70D957"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10445738-9B32-403B-8D46-020719BE271A"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3851C24-1C35-4205-A396-10F7947048C8"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353B45AB-160F-448E-885A-86FA4E6BCB23"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C12385-64AA-455C-B73F-52FBDBEC9239"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.3b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27274F29-E259-48C1-95A0-5D25E07B7A97"}, {"criteria": "cpe:2.3:a:ideal_science:idealbb:1.5.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CFC6A1-0F93-40E6-8E46-E39BFDB2F919"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}