CVE-2006-1334 - Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitra

CVE-2006-1334

Summary

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

References

http://evuln.com/vulns/101/summary.html
http://secunia.com/advisories/19273
http://securityreason.com/securityalert/638
http://securitytracker.com/id?1015818
http://www.osvdb.org/23945
http://www.osvdb.org/23946
http://www.securityfocus.com/archive/1/428903/100/0/threaded
http://www.securityfocus.com/bid/17159
http://www.securityfocus.com/bid/17247
http://www.vupen.com/english/advisories/2006/0994
https://exchange.xforce.ibmcloud.com/vulnerabilities/25295

Vulnerable Configurations

cpe:2.3:a:maian_script_world:maian_weblog:*:*:*:*:*:*:*:*
cpe:2.3:a:maian_script_world:maian_weblog:*:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	17159 17247
bugtraq	20060327 [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities
misc	http://evuln.com/vulns/101/summary.html
osvdb	23945 23946
sectrack	1015818
secunia	19273
sreason	638
vupen	ADV-2006-0994
xf	maianweblog-printmail-sql-injection(25295)

Last major update

18-10-2018 - 16:32

Published

21-03-2006 - 01:06

Last modified

18-10-2018 - 16:32