PT-2006-1443 · Insane Visions · Insane Visions Blogphp

Imei · Published 2006-01-22 · Updated 2018-10-19 · CVE-2006-0372

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Insane Visions BlogPHP version 1.0

Description: The issue concerns SQL injection vulnerabilities in the config.php file. Remote attackers can execute arbitrary SQL commands by manipulating the blogphp_username or blogphp_password parameter in a cookie.

Recommendations: For Insane Visions BlogPHP version 1.0, consider restricting access to the config.php file and validating user input to prevent SQL injection attacks. As a temporary workaround, avoid using the blogphp_username and blogphp_password parameters in cookies until a patch is available.

Exploit

Fix


Related identifiers

CVE-2006-0372

Affected products

Insane Visions Blogphp