CVE-2006-4857

Опубликовано: 19 сент. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

Ссылки

http://secunia.com/advisories/21980
Vendor Advisory
http://securityreason.com/securityalert/1599
http://www.securityfocus.com/archive/1/446074/100/0/threaded
http://www.securityfocus.com/bid/20033
http://www.vupen.com/english/advisories/2006/3662
https://exchange.xforce.ibmcloud.com/vulnerabilities/28964
http://secunia.com/advisories/21980
Vendor Advisory
http://securityreason.com/securityalert/1599
http://www.securityfocus.com/archive/1/446074/100/0/threaded
http://www.securityfocus.com/bid/20033
http://www.vupen.com/english/advisories/2006/3662
https://exchange.xforce.ibmcloud.com/vulnerabilities/28964

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clicktech:clickblog:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01071

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8x95-jpw3-wx7x

github

почти 4 года назад