CVE-2006-2029

Simplog < 0.9.3 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsphp

https://www.exploit-db.com/exploits/1705

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1663

View Code ZIP pw:eip

References (12)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0649.html

[Various Sources] http://www.nukedx.com/?getxpl=25

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24877

[Various Sources] http://www.simplog.org/archive.php?blogid=1&pid=57

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25982

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/431760/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24878

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24879

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015976

[Third Party Advisory] http://secunia.com/advisories/19764

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1493

[Third Party Advisory] http://securityreason.com/securityalert/799

Scores

EPSS 0.0223

EPSS Percentile 84.6%

Details

Status published

Products (1)

simplog/simplog < 0.9.3

Published Apr 26, 2006

Tracked Since Feb 18, 2026