PT-2006-3969 · Blur6Ex · Blur6Ex

Rgod

Published

2006-06-19

Updated

2018-10-18

CVE-2006-3065

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions blur6ex version 0.3.462

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ID parameter in a 'proc reply' action within the 'blog' shard of the engine.

Recommendations For blur6ex version 0.3.462, avoid using the ID parameter in the 'proc reply' action of the 'blog' shard until a fix is available. Consider restricting access to the 'blog' shard to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3065

Affected Products

Blur6Ex

PT-2006-3969 · Blur6Ex · Blur6Ex

CVE-2006-3065

Related Identifiers

Affected Products

References · 7