CVE-2006-0205 Information

Description

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

Reference

http://evuln.com/vulns/27/summary.html http://evuln.com/vulns/28/summary.html http://secunia.com/advisories/18440 http://securityreason.com/securityalert/345 http://securityreason.com/securityalert/346 http://www.osvdb.org/22358 http://www.securityfocus.com/archive/1/421745/100/0/threaded http://www.securityfocus.com/archive/1/421746/100/0/threaded http://www.securityfocus.com/bid/16227 http://www.vupen.com/english/advisories/2006/0185 https://exchange.xforce.ibmcloud.com/vulnerabilities/24105 https://exchange.xforce.ibmcloud.com/vulnerabilities/24108