Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0372

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0372
Last Modified 05 Sep 2008 04:59:04
Published 22 Jan 2006 03:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0372

Summary

Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.

Vulnerable Systems

Application

  • Insane Visions Blogphp 1.0


References

BID - 16340

BUGTRAQ - 20060121 BlogPHP config.php SQL injection login bypassed

BUGTRAQ - 20060120 BlogPHP config.php SQL injection login bypass

OSVDB - 22738

XF - blogphp-index-bypass-security(24131)

SREASON - 365


Last Updated: 27 May 2016 10:41:38