CVE-2006-0324 - SQL Injection vulnerability in Webspot Webspotblogging 3.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, webspot, exploit available

Summary

SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.

Vulnerable Configurations

Part | Description | Count
Application | Webspot | 1

Exploit-Db

description: WebspotBlogging 3.0 Login.PHP SQL Injection Vulnerability. CVE-2006-0324. Webapps exploit for php platform
id: EDB-ID:27114
last seen: 2016-02-03
modified: 2006-01-19
published: 2006-01-19
reporter: Aliaksandr Hartsuyeu
source: https://www.exploit-db.com/download/27114/
title: WebspotBlogging 3.0 Login.PHP SQL Injection Vulnerability

Seebug

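bulletinFamily: exploit
description: BUGTRAQ ID: 16319 CVE(CAN) ID: CVE-2006-0324. WebspotBlogging is a blog application written in PHP. WebspotBlogging does not properly and sufficiently filter user-submitted parameters, so a remote attacker can exploit this vulnerability to perform unauthorized database operations and bypass authentication. The login.php script of WebspotBlogging does not sufficiently filter the user-submitted username parameter, so a remote attacker can gain unauthorized access to the database by inserting specific SQL commands into the input data. WebspotBlogging WebspotBlogging 3.0. WebspotBlogging: the vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://blogging.webspot.co.uk/
id: SSV:4232
last seen: 2017-11-19
modified: 2006-08-20
published: 2006-08-20
reporter: Root
title: WebspotBlogging login.php remote SQL injection vulnerability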