CVE-2006-1778

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://retrogod.altervista.org/simplog_092_incl_xpl.html
http://secunia.com/advisories/19628	Vendor Advisory
http://securityreason.com/securityalert/702
http://securitytracker.com/id?1015904
http://www.osvdb.org/24560
http://www.osvdb.org/24561
http://www.securityfocus.com/archive/1/430743/100/0/threaded
http://www.securityfocus.com/bid/17491
http://www.vupen.com/english/advisories/2006/1332
https://exchange.xforce.ibmcloud.com/vulnerabilities/25776
https://www.exploit-db.com/exploits/1663

Configurations

Configuration 1 (hide)

cpe:2.3:a:simplog:simplog:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-04-13 10:02

Updated : 2018-10-18 16:36

NVD link : CVE-2006-1778

Mitre link : CVE-2006-1778

CVE.ORG link : CVE-2006-1778

JSON object : View

Products Affected

simplog

simplog

CWE

NVD-CWE-Other

{"id": "CVE-2006-1778", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-04-13T10:02:00.000", "references": [{"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19628", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/702", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015904", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24560", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24561", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17491", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1332", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25776", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1663", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php."}], "lastModified": "2018-10-18T16:36:19.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simplog:simplog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768E3141-0A67-4C59-9275-107C08CC90DA", "versionEndIncluding": "0.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}