CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-2189

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile28.56th
Published2006年5月4日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135.

Affected Platforms (CPE)

📦
Servous

Sblog

= 0.7.2

References & Advisories

🔗 http://securityreason.com/securityalert/836
🔗 http://www.osvdb.org/25612
🔗 http://www.securityfocus.com/archive/1/432724/100/0/threaded
🔗 http://www.securityfocus.com/bid/17782
🔗 http://www.subjectzero.net/research/sblog.htm
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26212
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26213
🔗 http://securityreason.com/securityalert/836

相關漏洞威脅

CVE-2007-58187.6

Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitr...

CVE-2007-18017.5

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary loc...

CVE-2006-01014.3

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbi...

CVE-2006-11354.3

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML v...