Blog System v1.2 Multiple SQL Injection Vulnerabilities

CVE: N/A
Category: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Price: Not specified
Severity: High
Author: ExploitAlert team
Risk: High
Exploitation Type: Remote
Date: 2005-12-13
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005120011

Below is a copy:

Blog System v1.2 (http://www.netartmedia.net/blogsystem/)
is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters.

http://[HOST]/index.php?mode=home&cat=-99[SQL CODE]

http://[HOST]/blog.php?user=[USER]&note=-99[SQL CODE]
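
For defenders reviewing web server logs, the following added example (not part of the original advisory or of the vendor's code) flags requests where the two parameters named above, `cat` on index.php and `note` on blog.php, carry anything other than a bare integer. It assumes combined-log-format request lines and that both parameters are meant to be integer ids; the log lines are constructed and reuse the advisory's own `[SQL CODE]` placeholder.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# The two injectable parameters named in the advisory, keyed by script name.
WATCHED = {"index.php": "cat", "blog.php": "note"}

# Assumption: both parameters are meant to be plain integer ids.
INTEGER = re.compile(r"-?\d{1,10}")

# Assumption: combined-log-format request field: "GET /path?query HTTP/1.1".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (script, parameter, decoded value) for each watched
    parameter whose value is not a bare integer."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Match on the file name so installs in a subdirectory are covered.
        script = posixpath.basename(url.path)
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes values; blank values are kept so "cat=" is seen.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not INTEGER.fullmatch(value):
                hits.append((script, param, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2005:10:00:01 +0000] "GET /index.php?mode=home&cat=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Dec/2005:10:00:07 +0000] "GET /index.php?mode=home&cat=-99%5BSQL%20CODE%5D HTTP/1.1" 200 812',
    '192.0.2.10 - - [13/Dec/2005:10:00:09 +0000] "GET /blog.php?user=alice&note=17 HTTP/1.1" 200 4096',
    '192.0.2.44 - - [13/Dec/2005:10:00:12 +0000] "GET /blog.php?user=alice&note=-99%5BSQL%20CODE%5D HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for script, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: {param}={value!r} is not an integer")
```

The same integer-only rule, enforced in the application before the value reaches a query and combined with parameterized statements, removes the injection point rather than only detecting it.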
