1. CVE-Search
  2. CVE-2006-1778
ID CVE-2006-1778
Summary Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.
References
Vulnerable Configurations
  • cpe:2.3:a:simplog:simplog:*:*:*:*:*:*:*:*
    cpe:2.3:a:simplog:simplog:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17491
bugtraq 20060412 Simplog <=0.9.2 multiple vulnerabilities
exploit-db 1663
misc http://retrogod.altervista.org/simplog_092_incl_xpl.html
osvdb
  • 24560
  • 24561
sectrack 1015904
secunia 19628
sreason 702
vupen ADV-2006-1332
xf simplog-index-archive-sql-injection(25776)
Last major update 18-10-2018 - 16:36
Published 13-04-2006 - 10:02
Last modified 18-10-2018 - 16:36
Back to Top