Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3065

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3065
Last Modified 07 Mar 2011 09:37:33
Published 19 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3065

Summary

SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.

Vulnerable Systems

Application

  • Blursoft Blur6ex 0.3.462


References

VUPEN - ADV-2006-2341

BUGTRAQ - 20060612 blur6ex <= 0.3.462 'ID' blind sql injection

SECUNIA - 20646

XF - blur6ex-blog-id-sql-injection(27120)

SREASON - 1113

MILW0RM - 1904


Last Updated: 27 May 2016 10:42:52