CVE-2006-4042

Опубликовано: 09 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.

Ссылки

http://retrogod.altervista.org/mybloggie_214_sql.html
http://secunia.com/advisories/21376
Vendor Advisory
http://securityreason.com/securityalert/1347
http://www.securityfocus.com/archive/1/442323/100/0/threaded
http://www.securityfocus.com/bid/19362
http://www.vupen.com/english/advisories/2006/3179
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28241
https://www.exploit-db.com/exploits/2118
http://retrogod.altervista.org/mybloggie_214_sql.html
http://secunia.com/advisories/21376
Vendor Advisory
http://securityreason.com/securityalert/1347
http://www.securityfocus.com/archive/1/442323/100/0/threaded
http://www.securityfocus.com/bid/19362
http://www.vupen.com/english/advisories/2006/3179
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28241
https://www.exploit-db.com/exploits/2118

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mywebland:mybloggie:*:*:*:*:*:*:*:*

Версия до 2.1.4 (включая)

EPSS

Процентиль: 85%

0.0262

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5j29-62xw-vgcv

github

почти 4 года назад