Vulnerabilities > CVE-2006-1778 - Unspecified vulnerability in Simplog
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Simplog <= 0.9.2 (s) Remote Commands Execution Exploit. CVE-2006-0146,CVE-2006-0147,CVE-2006-1776,CVE-2006-1777,CVE-2006-1778,CVE-2006-1779,CVE-2006-2029.... |
| file | exploits/php/webapps/1663.php |
| id | EDB-ID:1663 |
| last seen | 2016-01-31 |
| modified | 2006-04-11 |
| platform | php |
| port | |
| published | 2006-04-11 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/1663/ |
| title | Simplog <= 0.9.2 s Remote Commands Execution Exploit |
| type | webapps |
Nessus
| NASL family | CGI abuses |
| NASL id | SIMPLOG_S_FILE_INCLUDE.NASL |
| description | The remote host is running Simplog, an open source blogging tool written in PHP. The version of Simplog installed on the remote host fails to sanitize input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21224 |
| published | 2006-04-14 |
| reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/21224 |
| title | Simplog <= 0.9.2 Multiple Vulnerabilities |
References
- http://retrogod.altervista.org/simplog_092_incl_xpl.html
- http://retrogod.altervista.org/simplog_092_incl_xpl.html
- http://secunia.com/advisories/19628
- http://secunia.com/advisories/19628
- http://securityreason.com/securityalert/702
- http://securityreason.com/securityalert/702
- http://securitytracker.com/id?1015904
- http://securitytracker.com/id?1015904
- http://www.osvdb.org/24560
- http://www.osvdb.org/24560
- http://www.osvdb.org/24561
- http://www.osvdb.org/24561
- http://www.securityfocus.com/archive/1/430743/100/0/threaded
- http://www.securityfocus.com/archive/1/430743/100/0/threaded
- http://www.securityfocus.com/bid/17491
- http://www.securityfocus.com/bid/17491
- http://www.vupen.com/english/advisories/2006/1332
- http://www.vupen.com/english/advisories/2006/1332
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25776
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25776
- https://www.exploit-db.com/exploits/1663
- https://www.exploit-db.com/exploits/1663