Vulnerabilities > CVE-2006-3384 - Cross-Site Scripting vulnerability in Vincent Leclercq News 5.2

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

vincent-leclercq

NVD

Published: 2006-07-06

Updated: 2018-10-18

Summary

SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.

Vulnerable Configurations

Part	Description	Count
Application	Vincent_Leclercq Vincent Leclercq News 5.2	1

References

http://secunia.com/advisories/20936
http://www.acid-root.new.fr/advisories/news52.txt
http://www.securityfocus.com/archive/1/438859/100/0/threaded
http://www.securityfocus.com/bid/18775
http://www.vupen.com/english/advisories/2006/2642
https://exchange.xforce.ibmcloud.com/vulnerabilities/27504