Vulnerability Description
Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phptoys | Micro Guestbook | All versions |
References
- http://it.security.netsons.org/exploit/MicroGuestBook.txt
- http://secunia.com/advisories/21155
- http://securityreason.com/securityalert/1285
- http://www.osvdb.org/28677
- http://www.securityfocus.com/archive/1/440855/100/0/threaded
- http://www.securityfocus.com/bid/19119
- http://www.vupen.com/english/advisories/2006/2935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27911
- http://it.security.netsons.org/exploit/MicroGuestBook.txt
- http://secunia.com/advisories/21155
- http://securityreason.com/securityalert/1285
- http://www.osvdb.org/28677
- http://www.securityfocus.com/archive/1/440855/100/0/threaded
- http://www.securityfocus.com/bid/19119
- http://www.vupen.com/english/advisories/2006/2935
FAQ
What is CVE-2006-3852?
CVE-2006-3852 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields.
How severe is CVE-2006-3852?
CVE-2006-3852 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3852?
Check the references section above for vendor advisories and patch information. Affected products include: Phptoys Micro Guestbook.