Vulnerabilities > CVE-2006-1123 - Input Validation vulnerability in D2KBlog
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | d2kBlog 1.0.3 (memName) Remote SQL Injection Exploit. CVE-2006-1123. Webapps exploit for asp platform |
id | EDB-ID:1569 |
last seen | 2016-01-31 |
modified | 2006-03-09 |
published | 2006-03-09 |
reporter | DevilBox |
source | https://www.exploit-db.com/download/1569/ |
title | d2kBlog 1.0.3 memName Remote SQL Injection Exploit |
References
- http://secunia.com/advisories/19177
- http://securityreason.com/securityalert/559
- http://www.osvdb.org/23770
- http://www.securityfocus.com/archive/1/427103/100/0/threaded
- http://www.securityfocus.com/bid/17035
- http://www.vupen.com/english/advisories/2006/0896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25215