Vulnerabilities > Simplog > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-18 | CVE-2006-5398 | SQL Injection vulnerability in Simplog 0.9.3.1 SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2006-04-13 | CVE-2006-1778 | SQL Injection vulnerability in Simplog Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. | 7.5 |
| 2006-04-13 | CVE-2006-1777 | Remote File Include vulnerability in Simplog Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php. | 7.5 |
| 2006-04-13 | CVE-2006-1776 | Remote File Include vulnerability in Simplog PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | 7.5 |
| 2005-09-27 | CVE-2005-3076 | SQL Injection vulnerability in Simplog 0.9.1 Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php. | 7.5 |