CVE-2006-0205

Critical

Description

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24108

https://exchange.xforce.ibmcloud.com/vulnerabilities/24105

http://www.vupen.com/english/advisories/2006/0185

http://www.securityfocus.com/bid/16227

http://www.securityfocus.com/archive/1/421746/100/0/threaded

http://www.securityfocus.com/archive/1/421745/100/0/threaded

http://securityreason.com/securityalert/346

http://securityreason.com/securityalert/345

http://secunia.com/advisories/18440

Details

Source: Mitre, NVD

Published: 2006-01-13

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01579