PT-2006-4186 · Freedom Scientific · Jaws

Rgod · Published 2006-06-28 · Updated 2018-10-18 · CVE-2006-3292

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Jaws version 0.6.2

Description: The issue allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter, which is used in the search field of the Search gadget.

Recommendations: For Jaws version 0.6.2, consider restricting access to the Search gadget until a patch is available, and avoid using the searchdata parameter with the "LIKE" keyword to minimize the risk of exploitation.

Related Identifiers: CVE-2006-3292

Affected Products: Jaws