CVE-2006-2139

critical

Description

Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26205

http://www.vupen.com/english/advisories/2006/1574

http://www.securityfocus.com/bid/17757

http://www.osvdb.org/25135

http://www.osvdb.org/25134

http://www.osvdb.org/25133

http://www.osvdb.org/25132

http://secunia.com/advisories/19904

http://evuln.com/vulns/129/summary.html

Details

Source: Mitre, NVD

Published: 2006-05-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00833