2 matches found
CVE-2006-1123
The CVE covers a SQL injection in D2KBlog 1.0.3 and earlier, exploitable via the memName cookie parameter. Root cause: unsafely constructed SQL using cookie data, enabling remote execution of arbitrary SQL commands. Impact is high (complete confidentiality, integrity, and availability) per the CV...
CVE-2006-1122
CVE-2006-1122 describes a cross-site scripting (XSS) vulnerability in Default.asp of D2KBlog 1.0.3 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the msg parameter. Affected software is D2KBlog prior to or at version 1.0.3; root cause is improper handling of us...