CVE-2006-2029 - SQL-Injection vulnerability in Simplog
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: Simplog <= 0.9.3 (tid) Remote SQL Injection Exploit. CVE-2006-2029. Webapps exploit for php platform
  id: EDB-ID:1705
  last seen: 2016-01-31
  modified: 2006-04-21
  published: 2006-04-21
  reporter: nukedx
  source: https://www.exploit-db.com/download/1705/
  title: Simplog <= 0.9.3 tid Remote SQL Injection Exploit
- description: Simplog <= 0.9.2 (s) Remote Commands Execution Exploit. CVE-2006-0146,CVE-2006-0147,CVE-2006-1776,CVE-2006-1777,CVE-2006-1778,CVE-2006-1779,CVE-2006-2029....
  file: exploits/php/webapps/1663.php
  id: EDB-ID:1663
  last seen: 2016-01-31
  modified: 2006-04-11
  platform: php
  port:
  published: 2006-04-11
  reporter: rgod
  source: https://www.exploit-db.com/download/1663/
  title: Simplog <= 0.9.2 s Remote Commands Execution Exploit
  type: webapps
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0649.html
- http://secunia.com/advisories/19764
- http://securityreason.com/securityalert/799
- http://securitytracker.com/id?1015976
- http://www.nukedx.com/?getxpl=25
- http://www.osvdb.org/24877
- http://www.osvdb.org/24878
- http://www.osvdb.org/24879
- http://www.securityfocus.com/archive/1/431760/100/0/threaded
- http://www.simplog.org/archive.php?blogid=1&pid=57
- http://www.vupen.com/english/advisories/2006/1493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25982