{"api_version":"1","generated_at":"2026-07-04T04:07:39+00:00","cve":"CVE-2006-4042","urls":{"html":"https://cve.report/CVE-2006-4042","api":"https://cve.report/api/cve/CVE-2006-4042.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-4042","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-4042"},"summary":{"title":"CVE-2006-4042","description":"Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-08-09 23:04:00","updated_at":"2018-10-17 21:33:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2006/3179","name":"ADV-2006-3179","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/19362","name":"19362","refsource":"BID","tags":[],"title":"MyBloggie Trackback.PHP Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/28241","name":"mybloggie-trackback-sql-injection(28241)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1347","name":"1347","refsource":"SREASON","tags":[],"title":"SecurityReason - MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://retrogod.altervista.org/mybloggie_214_sql.html","name":"http://retrogod.altervista.org/mybloggie_214_sql.html","refsource":"MISC","tags":[],"title":"Error 404 :(","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/2118","name":"2118","refsource":"EXPLOIT-DB","tags":[],"title":"MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections - PHP webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/442323/100/0/threaded","name":"20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21376","name":"21376","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - myBloggie SQL Injection and Table Prefix Disclosure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-4042","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4042","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"4042","vulnerable":"1","versionEndIncluding":"2.1.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mywebland","cpe5":"mybloggie","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-4042","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-3179","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/3179"},{"name":"19362","refsource":"BID","url":"http://www.securityfocus.com/bid/19362"},{"name":"20060805 MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/442323/100/0/threaded"},{"name":"2118","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/2118"},{"name":"21376","refsource":"SECUNIA","url":"http://secunia.com/advisories/21376"},{"name":"mybloggie-trackback-sql-injection(28241)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"},{"name":"1347","refsource":"SREASON","url":"http://securityreason.com/securityalert/1347"},{"name":"http://retrogod.altervista.org/mybloggie_214_sql.html","refsource":"MISC","url":"http://retrogod.altervista.org/mybloggie_214_sql.html"}]}},"nvd":{"publishedDate":"2006-08-09 23:04:00","lastModifiedDate":"2018-10-17 21:33:00","problem_types":["CWE-89"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mywebland:mybloggie:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"4042","Ordinal":"19368","Title":"CVE-2006-4042","CVE":"CVE-2006-4042","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"4042","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"4042","Ordinal":"2","NoteData":"2006-08-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"4042","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}