CVE-2006-2700 : SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlie

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

Published 2006-05-31 10:06:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Products affected by CVE-2006-2700

Geeklog » Geeklog
Versions up to, including, (<=) 1.4.0_sr2
cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3
cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.35
cpe:2.3:a:geeklog:geeklog:1.35:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.5 Sr1
cpe:2.3:a:geeklog:geeklog:1.3.5_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7
cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1
cpe:2.3:a:geeklog:geeklog:1.3.8_1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr1
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr2
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr3
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.6
cpe:2.3:a:geeklog:geeklog:1.3.6:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7 Sr1
cpe:2.3:a:geeklog:geeklog:1.3.7_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7 Sr2
cpe:2.3:a:geeklog:geeklog:1.3.7_sr2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Sr2
cpe:2.3:a:geeklog:geeklog:1.3.9_sr2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Sr3
cpe:2.3:a:geeklog:geeklog:1.3.9_sr3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.10
cpe:2.3:a:geeklog:geeklog:1.3.10:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7 Sr3
cpe:2.3:a:geeklog:geeklog:1.3.7_sr3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7 Sr5
cpe:2.3:a:geeklog:geeklog:1.3.7_sr5:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr5
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr5:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Sr1
cpe:2.3:a:geeklog:geeklog:1.3.9_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.7 Sr4
cpe:2.3:a:geeklog:geeklog:1.3.7_sr4:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8
cpe:2.3:a:geeklog:geeklog:1.3.8:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr4
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr4:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.8 1 Sr6
cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr6:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Rc2
cpe:2.3:a:geeklog:geeklog:1.3.9_rc2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Rc3
cpe:2.3:a:geeklog:geeklog:1.3.9_rc3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.10 Rc3
cpe:2.3:a:geeklog:geeklog:1.3.10_rc3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11
cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11 Rc1
cpe:2.3:a:geeklog:geeklog:1.3.11_rc1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11 Sr1
cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.10 Rc1
cpe:2.3:a:geeklog:geeklog:1.3.10_rc1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9
cpe:2.3:a:geeklog:geeklog:1.3.9:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.10 Rc2
cpe:2.3:a:geeklog:geeklog:1.3.10_rc2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11 Sr2
cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Rc1
cpe:2.3:a:geeklog:geeklog:1.3.9_rc1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11 Sr3
cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.4.0
cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.11 Sr4
cpe:2.3:a:geeklog:geeklog:1.3.11_sr4:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.4.0 Sr1
cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.9 Sr4
cpe:2.3:a:geeklog:geeklog:1.3.9_sr4:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.4.0 Beta1
cpe:2.3:a:geeklog:geeklog:1.4.0_beta1:*:*:*:*:*:*:*
Matching versions
Geeklog » Geeklog » Version: 1.3.5
cpe:2.3:a:geeklog:geeklog:1.3.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-2700

EPSS FAQ

0.85%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-2700

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-2700

http://www.geeklog.net/index.php?topic=Security

Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/2050

CVEs referencing this url
http://www.securityfocus.com/archive/1/435295/100/0/threaded

CVEs referencing this url
http://securityreason.com/securityalert/993

CVEs referencing this url
http://www.securityfocus.com/bid/18154

Exploit;Patch

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/26863

CVEs referencing this url
http://secunia.com/advisories/20316

About Secunia Research | Flexera
Exploit;Patch;Vendor Advisory

CVEs referencing this url
http://kapda.ir/advisory-336.html

Page Not Found - پروپوزال ســــرا
Exploit;Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-2700

Products affected by CVE-2006-2700

Exploit prediction scoring system (EPSS) score for CVE-2006-2700

CVSS scores for CVE-2006-2700

References for CVE-2006-2700