Vulnerabilities > CVE-2006-5675 - SQL Injection vulnerability in Pentaho Business Intelligence Suite 1.2Rc2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

pentaho

critical

exploit available

NVD

Published: 2006-11-03

Updated: 2017-07-20

Summary

Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts. This vulnerability is addressed in the following product release: Pentaho, Business Intelligence Suite, 1.2 RC3 (1.2.0.470-RC3)

Vulnerable Configurations

Part	Description	Count
Application	Pentaho Pentaho Business Intelligence Suite 1.2_Rc2	1

Exploit-Db

description	Pentaho. CVE-2006-5675. Webapps exploit for jsp platform
id	EDB-ID:9958
last seen	2016-02-01
modified	2009-10-15
published	2009-10-15
reporter	antisnatchor
source	https://www.exploit-db.com/download/9958/
title	Pentaho <= 1.7.0.1062 - XSS and information disclosure

Summary

Vulnerable Configurations

Exploit-Db

References