CVE-2006-2725 - SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execu

CVE-2006-2725

Summary

SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. The vendor has released version 3.0.7 of eggblog to address this issue.

References

Vulnerable Configurations

cpe:2.3:a:epic_designs:eggblog:*:*:*:*:*:*:*:*
cpe:2.3:a:epic_designs:eggblog:*:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	18140
bugtraq	20060528 Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities 20060529 RE: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities
misc	http://www.nukedx.com/?getxpl=36 http://www.nukedx.com/?viewdoc=36
secunia	20352
vupen	ADV-2006-2030
xf	eggblog-posts-sql-injection(26832)

Last major update

18-10-2018 - 16:41

Published

01-06-2006 - 10:02

Last modified

18-10-2018 - 16:41