CVE-2006-3430

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGH
EPSS
2.3%
top 15.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Novell ZenworksLumension Patchlink Update Server
Timeline
PublishedJul 7
Latest updateMay 1

Description

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDlumension/patchlink_update_server6.1, 6.2.0.181, 6.2.0.189+2

🔴Vulnerability Details

2
GHSA
GHSA-2w6w-mf6x-rw59: SQL injection vulnerability in checkprofile2022-05-01
CVEList
CVE-2006-3430: SQL injection vulnerability in checkprofile2006-07-07
CVE-2006-3430 (HIGH CVSS 7.5) | SQL injection vulnerability in chec | cvebase.io