SQL Injection Vulnerability in BlogPHP 1.0 by BlogPHP
CVE-2006-0318

Currently unrated

Key Information:

Vendor: Insane Visions
Status: BlogPHP
Vendor: CVE Published:; 19 January 2006

🔔 Create Insane Visions Vulnerability Alert

What is CVE-2006-0318?

The BlogPHP 1.0 platform has an SQL injection vulnerability discovered in index.php when the magic_quotes_gpc feature is disabled. This weakness allows malicious users to execute arbitrary SQL commands simply by manipulating the username parameter during login processes. Such exploitation can lead to unauthorized access, enabling attackers to bypass authentication mechanisms and potentially compromise the security of the application and its data.

References

http://secunia.com/advisories/18467

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/16269

vdb-entryx_refsource_BID

http://www.osvdb.org/22495

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2006
Vulnerability Reserved
Jan 19, 2006

CVE-2006-0318 Data

JSON