CVE-2006-0823 Information

Description

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

Reference

http://secunia.com/advisories/18920 http://www.geeklog.net/article.php/geeklog-1.4.0sr1 http://www.gulftech.org/?node=research&article_id=00102-02192006 http://www.osvdb.org/23348 http://www.securityfocus.com/archive/1/425506/100/0/threaded http://www.securityfocus.com/bid/16755 http://www.vupen.com/english/advisories/2006/0661 https://exchange.xforce.ibmcloud.com/vulnerabilities/24775