CVE-2006-0823 - Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4

CVE-2006-0823

Summary

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

References

Vulnerable Configurations

cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16755
bugtraq	20060219 Geeklog Remote Code Execution
confirm	http://www.geeklog.net/article.php/geeklog-1.4.0sr1
misc	http://www.gulftech.org/?node=research&article_id=00102-02192006
osvdb	23348
secunia	18920
vupen	ADV-2006-0661
xf	geeklog-users-sessions-sql-injection(24775)

Last major update

18-10-2018 - 16:29

Published

21-02-2006 - 23:02

Last modified

18-10-2018 - 16:29