CVE-2006-0823

critical

Description

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24775

http://www.vupen.com/english/advisories/2006/0661

http://www.securityfocus.com/bid/16755

http://www.securityfocus.com/archive/1/425506/100/0/threaded

http://www.osvdb.org/23348

http://www.gulftech.org/?node=research&article_id=00102-02192006

http://www.geeklog.net/article.php/geeklog-1.4.0sr1

http://secunia.com/advisories/18920

Details

Source: Mitre, NVD

Published: 2006-02-21

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01643

Detections

Analytics