SQL Injection Vulnerabilities in Insane Visions BlogPHP Config File
CVE-2006-0372

Currently unrated

Key Information:

Vendor: Insane Visions
Status: BlogPHP
Vendor: CVE Published:; 22 January 2006

🔔 Create Insane Visions Vulnerability Alert

What is CVE-2006-0372?

Insane Visions' BlogPHP version 1.0 is susceptible to multiple SQL injection vulnerabilities in its config.php file. This can potentially allow remote attackers to manipulate and execute arbitrary SQL commands by exploiting the blogphp_username and blogphp_password parameters embedded in cookies. Proper input validation and security configurations are essential to mitigate the risks associated with this vulnerability, which can lead to unauthorized access and potential data breaches.

References

http://www.securityfocus.com/bid/16340

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/422593/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/422484/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2006
Vulnerability Reserved
Jan 22, 2006

CVE-2006-0372 Data

JSON