Published: 13/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplog simplog

#!/usr/bin/php -q -d short_open_tag=on <? echo "Simplog <= 092 \"s\" remote cmmnds xctn\r\n"; echo "by rgod rgod@autisticiorg\r\n"; echo "site: retrogodaltervistaorg\r\n\r\n"; echo "dork: intext:\"Powered by simplog\"\r\n\r\n"; if ($argc<5) { echo "Usage: php "$argv[0]" host path location cmd OPTIONS\r\n"; echo "host: t ...

NVD-CWE-Other http://retrogod.altervista.org/simplog_092_incl_xpl.html http://secunia.com/advisories/19628 http://www.securityfocus.com/bid/17491 http://www.osvdb.org/24560 http://www.osvdb.org/24561 http://securitytracker.com/id?1015904 http://securityreason.com/securityalert/702 http://www.vupen.com/english/advisories/2006/1332 https://exchange.xforce.ibmcloud.com/vulnerabilities/25776 https://www.exploit-db.com/exploits/1663 http://www.securityfocus.com/archive/1/430743/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1663/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1778

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect