CVE-2006-1778

Sažetak

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.

Reference

http://retrogod.altervista.org/simplog_092_incl_xpl.html
http://secunia.com/advisories/19628
http://securityreason.com/securityalert/702
http://securitytracker.com/id?1015904
http://www.osvdb.org/24560
http://www.osvdb.org/24561
http://www.securityfocus.com/archive/1/430743/100/0/threaded
http://www.securityfocus.com/bid/17491
http://www.vupen.com/english/advisories/2006/1332
https://exchange.xforce.ibmcloud.com/vulnerabilities/25776
https://www.exploit-db.com/exploits/1663

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:36

Objavljeno

13-04-2006 - 10:02