CVE-2006-4857 Information

Description

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

Reference

http://secunia.com/advisories/21980 http://securityreason.com/securityalert/1599 http://www.securityfocus.com/archive/1/446074/100/0/threaded http://www.securityfocus.com/bid/20033 http://www.vupen.com/english/advisories/2006/3662 https://exchange.xforce.ibmcloud.com/vulnerabilities/28964