Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2029

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2029
Last Modified 07 Mar 2011 09:34:50
Published 25 Apr 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2029

Summary

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.

Vulnerable Systems

Application

  • Simplog 0.9.3


References

VUPEN - ADV-2006-1493

BUGTRAQ - 20060421 Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities.

OSVDB - 24879

OSVDB - 24878

OSVDB - 24877

MISC - http://www.nukedx.com/?getxpl=25

SECTRACK - 1015976

SECUNIA - 19764

FULLDISC - 20060423 RE: Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities.

XF - simplog-multiple-sql-injection(25982)

CONFIRM - http://www.simplog.org/archive.php?blogid=1&pid=57

SREASON - 799


Last Updated: 27 May 2016 10:42:18