Vulnerability Details CVE-2006-0823
Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/18920
- http://www.geeklog.net/article.php/geeklog-1.4.0sr1
- http://www.gulftech.org/?node=research&article_id=00102-02192006
- http://www.osvdb.org/23348
- http://www.securityfocus.com/archive/1/425506/100/0/threaded
- http://www.securityfocus.com/bid/16755
- http://www.vupen.com/english/advisories/2006/0661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24775
- http://secunia.com/advisories/18920
- http://www.geeklog.net/article.php/geeklog-1.4.0sr1
- http://www.gulftech.org/?node=research&article_id=00102-02192006
- http://www.osvdb.org/23348
- http://www.securityfocus.com/archive/1/425506/100/0/threaded
- http://www.securityfocus.com/bid/16755
- http://www.vupen.com/english/advisories/2006/0661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24775
Products affected by CVE-2006-0823
-
cpe:2.3:a:geeklog:geeklog:1.3.11
-
cpe:2.3:a:geeklog:geeklog:1.3.11_sr1
-
cpe:2.3:a:geeklog:geeklog:1.3.11_sr2
-
cpe:2.3:a:geeklog:geeklog:1.3.11_sr3
-
cpe:2.3:a:geeklog:geeklog:1.4.0