CVE-2006-0240

critical

Description

Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24155

http://www.vupen.com/english/advisories/2006/0194

http://www.osvdb.org/22447

http://www.hackerscenter.com/archive/view.asp?id=21926

Details

Source: Mitre, NVD

Published: 2006-01-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00988