ID CVE-2006-7123
Summary Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
References
Vulnerable Configurations
  • cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 20267
bugtraq 20060929 Secunia Research: Joomla BSQ Sitestats Component MultipleVulnerabilities
misc http://secunia.com/secunia_research/2006-63/advisory/
sreason 2360
xf bsq-sitestats-bsqtemplateinc-sql-injection(29268)
Last major update 16-10-2018 - 16:29
Published 06-03-2007 - 01:19
Last modified 16-10-2018 - 16:29
Back to Top