Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1333

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1333
Last Modified 07 Mar 2011 09:32:49
Published 20 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1333

Summary

Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.

Vulnerable Systems

Application

  • Betaparticle Blog 3.0

  • Betaparticle Blog 4.0

  • Betaparticle Blog 5.0

  • Betaparticle Blog 6.0


References

SECUNIA - 19292

VUPEN - ADV-2006-1000

BID - 17148

BUGTRAQ - 20060318 Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL InjectionVulnerabilities

MISC - http://www.nukedx.com/?viewdoc=20

CONFIRM - http://blog.betaparticle.com/UserFiles/File/6fix.txt

XF - bpblog-multiple-sql-injection(25327)

OSVDB - 23966

OSVDB - 23965

SECTRACK - 1015788

SREASON - 600


Last Updated: 27 May 2016 10:42:02