CVE-2006-4857

critical

Description

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28964

http://www.vupen.com/english/advisories/2006/3662

http://www.securityfocus.com/bid/20033

http://www.securityfocus.com/archive/1/446074/100/0/threaded

http://securityreason.com/securityalert/1599

http://secunia.com/advisories/21980

Details

Source: Mitre, NVD

Published: 2006-09-19

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00689

Detections

Analytics