Vulnerability Description
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyfaq | Phpmyfaq | <= 1.6.7 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/23651Vendor Advisory
- http://www.phpmyfaq.de/advisory_2006-12-15.php
- http://www.securityfocus.com/bid/21944
- http://www.vupen.com/english/advisories/2007/0077Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32802
- http://secunia.com/advisories/23651Vendor Advisory
- http://www.phpmyfaq.de/advisory_2006-12-15.php
- http://www.securityfocus.com/bid/21944
- http://www.vupen.com/english/advisories/2007/0077Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32802
FAQ
What is CVE-2006-6912?
CVE-2006-6912 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
How severe is CVE-2006-6912?
CVE-2006-6912 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6912?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyfaq Phpmyfaq.