CyberSec.Space Logo
Back to CVE Browser

CVE-2006-2189

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile28.56th
PublishedMay 4, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135.

Affected Platforms (CPE)

πŸ“¦
Servous

Sblog

= 0.7.2

References & Advisories

πŸ”— http://securityreason.com/securityalert/836
πŸ”— http://www.osvdb.org/25612
πŸ”— http://www.securityfocus.com/archive/1/432724/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/17782
πŸ”— http://www.subjectzero.net/research/sblog.htm
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26212
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26213
πŸ”— http://securityreason.com/securityalert/836

Related Vulnerabilities

CVE-2007-58187.6

Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitr...

CVE-2007-18017.5

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary loc...

CVE-2006-01014.3

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbi...

CVE-2006-11354.3

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML v...