CVE-2006-5228

🗓️ 10 Oct 2006 21:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

Google Gadget login.php SQL injection in Rob Hensley ackerTodo 4.

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2006-5228	10 Oct 200621:00	–	cvelist
EUVD	EUVD-2006-5213	7 Oct 202500:30	–	euvd
NVD	CVE-2006-5228	10 Oct 200621:07	–	nvd

NVD

Node

rob_hensley ackertodoMatch4.0

OR

rob_hensley ackertodoMatch4.2

Source	Link
osvdb	www.osvdb.org/29552
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/29375
securityreason	www.securityreason.com/securityalert/1703
vupen	www.vupen.com/english/advisories/2006/3951
ackertodo	www.ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php
ackertodo	www.ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php
secunia	www.secunia.com/advisories/22254
securityfocus	www.securityfocus.com/bid/20372
securitytracker	www.securitytracker.com/id
securityfocus	www.securityfocus.com/archive/1/447846/100/0/threaded

Parameter	Position	Path	Description	CWE
up_login	request body	gadget/login.php	SQL injection vulnerability allows remote attackers to execute arbitrary SQL via the up_login, up_pass, or up_num_tasks parameters in gadget/login.php.	CWE-89
up_pass	request body	gadget/login.php	SQL injection vulnerability allows remote attackers to execute arbitrary SQL via the up_login, up_pass, or up_num_tasks parameters in gadget/login.php.	CWE-89
up_num_tasks	request body	gadget/login.php	SQL injection vulnerability allows remote attackers to execute arbitrary SQL via the up_login, up_pass, or up_num_tasks parameters in gadget/login.php.	CWE-89

16 Jun 2026 22:30Current

8.9High risk

Vulners AI Score8.9

CVSS 27.5

EPSS0.02

sql injection google gadget rob hensley ackertodo 4.2 nvd