Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1778

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1778
Last Modified 07 Mar 2011 09:34:06
Published 13 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1778

Summary

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.

Vulnerable Systems

Application

  • Simplog 0.9.2


References

VUPEN - ADV-2006-1332

BID - 17491

BUGTRAQ - 20060412 Simplog <=0.9.2 multiple vulnerabilities

OSVDB - 24561

OSVDB - 24560

SECTRACK - 1015904

SECUNIA - 19628

MISC - http://retrogod.altervista.org/simplog_092_incl_xpl.html

MILW0RM - 1663

XF - simplog-index-archive-sql-injection(25776)

SREASON - 702


Last Updated: 27 May 2016 10:42:10