ID CVE-2006-3832
Summary SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.1
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.2
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.3
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.4
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.5
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.41
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.42
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.43
  • cpe:2.3:a:gerrit_van_aaken:loudblog:0.44
CVSS
Base: 7.5 (as of 26-07-2006 - 10:10)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
exploit-db via4
description LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure. CVE-2006-3832. Webapps exploit for php platform
id EDB-ID:2050
last seen 2016-01-31
modified 2006-07-21
published 2006-07-21
reporter rgod
source https://www.exploit-db.com/download/2050/
title LoudBlog <= 0.5 id SQL Injection / Admin Credentials Disclosure
nessus via4
NASL family CGI abuses
NASL id LOUDBLOG_ID_SQL_INJECTION.NASL
description The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticated attacker to uncover sensitive information such as password hashes, modify data, launch attacks against the underlying database, etc. Note that successful exploitation is possible regardless of PHP's 'magic_quotes_gpc' setting.
last seen 2019-02-21
modified 2018-11-15
plugin id 22091
published 2006-07-25
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=22091
title Loudblog index.php id Parameter SQL Injection
refmap via4
bugtraq 20060720 LoudBlog <=0.5 Sql injection
confirm
misc http://retrogod.altervista.org/loudblog_05_sql.html
osvdb 27442
secunia 21157
sreason 1274
vupen ADV-2006-2934
xf loudblog-index-sql-injection(27896)
Last major update 07-03-2011 - 21:39
Published 25-07-2006 - 09:22
Last modified 17-10-2018 - 17:31