CVE-2006-7123

critical

Description

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29268

http://www.securityfocus.com/bid/20267

http://www.securityfocus.com/archive/1/447356/100/0/threaded

http://securityreason.com/securityalert/2360

http://secunia.com/secunia_research/2006-63/advisory/

Details

Source: Mitre, NVD

Published: 2007-03-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00015