CVE-2005-3076

Name of the Vulnerable Software and Affected Versions Simplog version 0.9.1

Description The issue allows remote attackers to execute arbitrary SQL commands or trigger SQL error messages. This can be achieved by providing invalid parameters to specific API endpoints, including pid, blogid, cid, or m parameters to "archive.php", or the blogid parameter to "blogadmin.php".

Recommendations For Simplog version 0.9.1, as a temporary workaround, consider validating and sanitizing the pid, blogid, cid, m, and blogid parameters in the "archive.php" and "blogadmin.php" files to prevent SQL injection attacks. Restrict access to these endpoints until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.