cpe:/a:phpee:power_phlogger:2.2.2:alpha cpe:/a:phpee:power_phlogger:2.2.2:beta cpe:/a:phpee:power_phlogger:2.2.3 cpe:/a:phpee:power_phlogger:2.2.4 cpe:/a:phpee:power_phlogger:2.2.5 CVE-2007-3399 2007-06-26T13:30:00.000-04:00 2017-07-28T21:32:13.847-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-06-27T10:59:00.000-04:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070625 POWER PHLOGGER v.2.2.5 (username) SQL Injection BID 24622 SREASON 2833 OSVDB 38229 OSVDB 38944 VUPEN ADV-2007-2433 XF powerphlogger-login-sql-injection(35043) XF pphlogger-getuserdata-sql-injection(35258) SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.