ID OSVDB:29286
Type osvdb
Reporter OSVDB
Modified 2006-09-29T11:18:52
Description
Technical Description
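This vulnerability, SQL injection through HTTP request headers processed by bsqtemplateinc.php in BSQ Sitestats for Joomla, is only present when the PHP option magic_quotes_gpc is set to 'off'. That precondition should not be read as a mitigation: magic_quotes_gpc was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so installations on later PHP versions always meet it.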
Solution Description
Upgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Vendor URL: http://developer.joomla.org/sf/projects/bsq_sitestats
Secunia Advisory ID: 21859
Related OSVDB ID: 29287
Related OSVDB ID: 29284
Related OSVDB ID: 29285
Other Advisory URL: http://secunia.com/secunia_research/2006-63/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0492.html
ISS X-Force ID: 29268
CVE-2006-7123
Bugtraq ID: 20267
{"edition": 1, "title": "BSQ Sitestats for Joomla bsqtemplateinc.php Multiple HTTP Header SQL Injection", "bulletinFamily": "software", "published": "2006-09-29T11:18:52", "lastseen": "2017-04-28T13:20:25", "modified": "2006-09-29T11:18:52", "reporter": "OSVDB", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:29286", "description": "## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Solution Description\nUpgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://developer.joomla.org/sf/projects/bsq_sitestats\n[Secunia Advisory ID:21859](https://secuniaresearch.flexerasoftware.com/advisories/21859/)\n[Related OSVDB ID: 29287](https://vulners.com/osvdb/OSVDB:29287)\n[Related OSVDB ID: 29284](https://vulners.com/osvdb/OSVDB:29284)\n[Related OSVDB ID: 29285](https://vulners.com/osvdb/OSVDB:29285)\nOther Advisory URL: http://secunia.com/secunia_research/2006-63/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0492.html\nISS X-Force ID: 29268\n[CVE-2006-7123](https://vulners.com/cve/CVE-2006-7123)\nBugtraq ID: 20267\n", "affectedSoftware": [], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-7123"]}, {"type": "osvdb", "idList": ["OSVDB:29285"]}], "modified": "2017-04-28T13:20:25", "rev": 2}, "vulnersScore": 6.4}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2006-7123"], "id": "OSVDB:29286", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:27", "description": "Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.", "edition": 4, "cvss3": {}, "published": "2007-03-06T01:19:00", "title": "CVE-2006-7123", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7123"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:joomla:bsq_sitestats:1.8.0"], "id": "CVE-2006-7123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7123", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joomla:bsq_sitestats:1.8.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "cvelist": ["CVE-2006-7123"], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://developer.joomla.org/sf/projects/bsq_sitestats\n[Secunia Advisory ID:21859](https://secuniaresearch.flexerasoftware.com/advisories/21859/)\n[Related OSVDB ID: 29287](https://vulners.com/osvdb/OSVDB:29287)\n[Related OSVDB ID: 29284](https://vulners.com/osvdb/OSVDB:29284)\n[Related OSVDB ID: 29286](https://vulners.com/osvdb/OSVDB:29286)\nOther Advisory URL: http://secunia.com/secunia_research/2006-63/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0492.html\nISS X-Force ID: 29268\n[CVE-2006-7123](https://vulners.com/cve/CVE-2006-7123)\nBugtraq ID: 20267\n", "modified": "2006-09-29T11:18:52", "published": "2006-09-29T11:18:52", "href": "https://vulners.com/osvdb/OSVDB:29285", "id": "OSVDB:29285", "title": "BSQ Sitestats for Joomla ip-to-country.csv Import Multiple Field SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}