CVE-2006-4463

critical

Description

SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28638

http://www.vupen.com/english/advisories/2006/3415

http://www.securityfocus.com/bid/19761

http://www.securityfocus.com/archive/1/444652/100/0/threaded

http://www.osvdb.org/28266

http://securityreason.com/securityalert/1483

http://secunia.com/advisories/21674

Details

Source: Mitre, NVD

Published: 2006-08-31

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00754

Detections

Analytics