CVE-2006-1778

critical

Description

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.

References

https://www.exploit-db.com/exploits/1663

https://exchange.xforce.ibmcloud.com/vulnerabilities/25776

http://www.vupen.com/english/advisories/2006/1332

http://www.securityfocus.com/bid/17491

http://www.securityfocus.com/archive/1/430743/100/0/threaded

http://www.osvdb.org/24561

http://www.osvdb.org/24560

http://securitytracker.com/id?1015904

http://securityreason.com/securityalert/702

http://secunia.com/advisories/19628

http://retrogod.altervista.org/simplog_092_incl_xpl.html

Details

Source: Mitre, NVD

Published: 2006-04-13

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical