CVE-2006-7123

Currently unrated

Key Information:

Vendor: Joomla
Status: Bsq Sitestats
Vendor: CVE Published:; 6 March 2007

Summary

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

References

http://www.securityfocus.com/bid/20267

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/29268

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/2360

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 5, 2007