Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0823
Last Modified 07 Mar 2011 09:30:52
Published 21 Feb 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0823

Summary

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

Vulnerable Systems

Application

  • Geeklog 1.3.11

  • Geeklog 1.3.11 Sr1

  • Geeklog 1.3.11 Sr2

  • Geeklog 1.3.11 Sr3

  • Geeklog 1.4.0


References

SECUNIA - 18920

VUPEN - ADV-2006-0661

MISC - http://www.gulftech.org/?node=research&article_id=00102-02192006

CONFIRM - http://www.geeklog.net/article.php/geeklog-1.4.0sr1

XF - geeklog-users-sessions-sql-injection(24775)

BID - 16755

BUGTRAQ - 20060219 Geeklog Remote Code Execution

OSVDB - 23348


Last Updated: 27 May 2016 10:41:48