[Japanese]

JVNDB-2006-000604

Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Overview

Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Nagasaki Prefectural Government
  • Nagasaki Electron Prefecture of Web Red Book System
  • Nagasaki Electron Prefecture of Annual Vacation System
  • Nagasaki Electron Prefecture of muniment System

Impact

A remote attacker may view or modify the database contents.
Solution

Vendor Information

Nagasaki Prefectural Government
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#41550845
Revision History

  • [2008/05/21]
      Web page published

Date Public2006/02/03
Date First Published2008/05/21
Date Last Updated2008/05/21