CVE-2006-3832

SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://loudblog.de/forum/viewtopic.php?id=762	Exploit
http://loudblog.de/forum/viewtopic.php?id=770
http://retrogod.altervista.org/loudblog_05_sql.html	Exploit
http://secunia.com/advisories/21157
http://securityreason.com/securityalert/1274
http://www.osvdb.org/27442
http://www.securityfocus.com/archive/1/440763/100/0/threaded
http://www.vupen.com/english/advisories/2006/2934
https://exchange.xforce.ibmcloud.com/vulnerabilities/27896
http://loudblog.de/forum/viewtopic.php?id=762	Exploit
http://loudblog.de/forum/viewtopic.php?id=770
http://retrogod.altervista.org/loudblog_05_sql.html	Exploit
http://secunia.com/advisories/21157
http://securityreason.com/securityalert/1274
http://www.osvdb.org/27442
http://www.securityfocus.com/archive/1/440763/100/0/threaded
http://www.vupen.com/english/advisories/2006/2934
https://exchange.xforce.ibmcloud.com/vulnerabilities/27896

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gerrit_van_aaken:loudblog:0.1:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.2:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.3:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.4:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.5:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.41:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.42:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.43:::::::*
	cpe:2.3:a:gerrit_van_aaken:loudblog:0.44:::::::*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://loudblog.de/forum/viewtopic.php?id=762 - Exploit~~	() http://loudblog.de/forum/viewtopic.php?id=762 - Exploit
References	~~() http://loudblog.de/forum/viewtopic.php?id=770 -~~	() http://loudblog.de/forum/viewtopic.php?id=770 -
References	~~() http://retrogod.altervista.org/loudblog_05_sql.html - Exploit~~	() http://retrogod.altervista.org/loudblog_05_sql.html - Exploit
References	~~() http://secunia.com/advisories/21157 -~~	() http://secunia.com/advisories/21157 -
References	~~() http://securityreason.com/securityalert/1274 -~~	() http://securityreason.com/securityalert/1274 -
References	~~() http://www.osvdb.org/27442 -~~	() http://www.osvdb.org/27442 -
References	~~() http://www.securityfocus.com/archive/1/440763/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/440763/100/0/threaded -
References	~~() http://www.vupen.com/english/advisories/2006/2934 -~~	() http://www.vupen.com/english/advisories/2006/2934 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27896 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27896 -

Information

Published : 2006-07-25 13:22

Updated : 2025-04-03 01:03

NVD link : CVE-2006-3832

Mitre link : CVE-2006-3832

CVE.ORG link : CVE-2006-3832

JSON object : View

Products Affected

gerrit_van_aaken

loudblog

CWE

NVD-CWE-Other

{"id": "CVE-2006-3832", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-25T13:22:00.000", "references": [{"url": "http://loudblog.de/forum/viewtopic.php?id=762", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://loudblog.de/forum/viewtopic.php?id=770", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/loudblog_05_sql.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21157", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1274", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27442", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/440763/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2934", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27896", "source": "cve@mitre.org"}, {"url": "http://loudblog.de/forum/viewtopic.php?id=762", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://loudblog.de/forum/viewtopic.php?id=770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://retrogod.altervista.org/loudblog_05_sql.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21157", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1274", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/27442", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/440763/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2934", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27896", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en Gerrit van Aaken Loudblog 0.5 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F17E5977-B8FF-4D16-9C97-AA1AC3ED4C8A"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC60116B-ECDE-425B-8164-B6C6AE4CC76F"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75C80931-083A-4F93-A69C-CCE0726FC3BA"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7CBFB6-DB9C-4DA2-AFD9-DCCA48AC6305"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDD94A5-01FB-4A61-BAA9-7875D5B18867"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D065C6-34FF-47E5-AF1E-E342D29EB188"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62AC146-CD00-461E-94D5-B83A2F091414"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DC22B80-2D74-4799-85D9-11BC9F1B6229"}, {"criteria": "cpe:2.3:a:gerrit_van_aaken:loudblog:0.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0CA4C3A-B15E-4C3A-A59C-19C575FCD081"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10