Vulnerabilities > CVE-2006-4857 - SQL Injection vulnerability in Clicktech Clickblog 2.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
clicktech
exploit available
NVD
Published: 2006-09-19
Updated: 2018-10-17

Summary

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

Vulnerable Configurations

Part Description Count
Application
Clicktech
1

Exploit-Db

descriptionClickBlog! 2.0 Default.ASP SQL Injection Vulnerability. CVE-2006-4857. Webapps exploit for asp platform
idEDB-ID:28577
last seen2016-02-03
modified2006-09-14
published2006-09-14
reporterajann
sourcehttps://www.exploit-db.com/download/28577/
titleClickBlog! 2.0 Default.ASP SQL Injection Vulnerability

References