CVE-2006-2157

SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246.
Configurations

Configuration 1 (hide)

cpe:2.3:a:plogger:plogger:2.1:beta:*:*:*:*:*:*

History

21 Nov 2024, 00:10

Type Values Removed Values Added
References () http://retrogod.altervista.org/plogger_b21_sql_xpl.html - () http://retrogod.altervista.org/plogger_b21_sql_xpl.html -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/26273 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/26273 -

Information

Published : 2006-05-03 10:02

Updated : 2024-11-21 00:10


NVD link : CVE-2006-2157

Mitre link : CVE-2006-2157

CVE.ORG link : CVE-2006-2157


JSON object : View

Products Affected

plogger

  • plogger
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')