Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in © server.php.
retrogod.altervista.org/simplog_092_incl_xpl.html
secunia.com/advisories/19628
securityreason.com/securityalert/702
securitytracker.com/id?1015904
www.osvdb.org/24560
www.osvdb.org/24561
www.securityfocus.com/archive/1/430743/100/0/threaded
www.securityfocus.com/bid/17491
www.vupen.com/english/advisories/2006/1332
exchange.xforce.ibmcloud.com/vulnerabilities/25776
www.exploit-db.com/exploits/1663