CVE-2006-4043 - Vulnerability Details - OpenCVE

index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mywebland	Mybloggie

Configuration 1 [-]

OR	cpe:2.3:a:mywebland:mybloggie::::::::
	cpe:2.3:a:mywebland:mybloggie:2.1.1:::::::*
	cpe:2.3:a:mywebland:mybloggie:2.1.2:::::::*
	cpe:2.3:a:mywebland:mybloggie:2.1.3:::::::*
	cpe:2.3:a:mywebland:mybloggie:2.1.3_beta:::::::*

No data.

References

Link	Providers
http://retrogod.altervista.org/mybloggie_214_sql.html
http://secunia.com/advisories/21376
http://securityreason.com/securityalert/1347
http://www.securityfocus.com/archive/1/442323/100/0/threaded
http://www.vupen.com/english/advisories/2006/3179
https://exchange.xforce.ibmcloud.com/vulnerabilities/28242
https://www.exploit-db.com/exploits/2118

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-09T23:00:00

Updated: 2024-08-07T18:57:45.662Z

Reserved: 2006-08-09T00:00:00

Link: CVE-2006-4043

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-09T23:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4043

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-3179", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3179"}, {"name": "20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"}, {"name": "2118", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2118"}, {"name": "21376", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21376"}, {"name": "mybloggie-index-information-disclosure(28242)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"}, {"name": "1347", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1347"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/mybloggie_214_sql.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2006-4043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-3179", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3179"}, {"name": "20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"}, {"name": "2118", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2118"}, {"name": "21376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21376"}, {"name": "mybloggie-index-information-disclosure(28242)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"}, {"name": "1347", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1347"}, {"name": "http://retrogod.altervista.org/mybloggie_214_sql.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/mybloggie_214_sql.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:57:45.662Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-3179", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3179"}, {"name": "20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"}, {"name": "2118", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2118"}, {"name": "21376", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21376"}, {"name": "mybloggie-index-information-disclosure(28242)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"}, {"name": "1347", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1347"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/mybloggie_214_sql.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4043", "datePublished": "2006-08-09T23:00:00", "dateReserved": "2006-08-09T00:00:00", "dateUpdated": "2024-08-07T18:57:45.662Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mywebland:mybloggie:*:*:*:*:*:*:*:*", "matchCriteriaId": "75798A07-13C1-4BEE-9575-0E5EDEFC94F9", "versionEndIncluding": "2.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mywebland:mybloggie:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6763A-BD4B-4A6B-8AF3-04B4BCEC4FDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mywebland:mybloggie:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3897412E-B35E-44CE-91C6-6BBA9EB5B047", "vulnerable": true}, {"criteria": "cpe:2.3:a:mywebland:mybloggie:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E310D0A0-AB13-44D3-847B-505D4E7EB011", "vulnerable": true}, {"criteria": "cpe:2.3:a:mywebland:mybloggie:2.1.3_beta:*:*:*:*:*:*:*", "matchCriteriaId": "74E0FF8C-1AEA-46C0-A867-F2728AA5E069", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."}, {"lang": "es", "value": "index.php en myWebland myBloggie 2.1.4 y versiones anteriores permite a atacantes remotos obtener informaci\u00f3n confidencial mediante una consulta que solo especifica el modo viewsate, la cual revela el prefijo de la tabla en un mensaje de error SQL."}], "id": "CVE-2006-4043", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-09T23:04:00.000", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/mybloggie_214_sql.html"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21376"}, {"source": "[email protected]", "url": "http://securityreason.com/securityalert/1347"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2006/3179"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/2118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/mybloggie_214_sql.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/21376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2118"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}