CVE-2006-0372 - SQL Injection vulnerability in Insane Visions Blogphp 1.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. BlogPHP version 2.0 was released to fix the config.php exploit and is available for download at http://sourceforge.net/project/showfiles.php?group_id=156043.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://securityreason.com/securityalert/365
- http://www.osvdb.org/22738
- http://www.securityfocus.com/archive/1/422483/100/0/threaded
- http://www.securityfocus.com/archive/1/422484/100/0/threaded
- http://www.securityfocus.com/archive/1/422593/100/0/threaded
- http://www.securityfocus.com/bid/16340
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24131