CVE-2006-1778 Information
Description
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php the (2) m and (3) y parameters in archive.php and the (4) sql parameter in (c) server.php.
Reference
http://retrogod.altervista.org/simplog_092_incl_xpl.html http://secunia.com/advisories/19628 http://securityreason.com/securityalert/702 http://securitytracker.com/id?1015904 http://www.osvdb.org/24560 http://www.osvdb.org/24561 http://www.securityfocus.com/archive/1/430743/100/0/threaded http://www.securityfocus.com/bid/17491 http://www.vupen.com/english/advisories/2006/1332 https://exchange.xforce.ibmcloud.com/vulnerabilities/25776 https://www.exploit-db.com/exploits/1663
Share on: