MyBloggie 2.1.x - 'index.php' Multiple SQL Injections
| EKU-ID: 35224 | CVE: CVE-2007-3003;OSVDB-38345 | OSVDB-ID: |
| Author: ls@calima.serapis.net | Published: 2007-05-31 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35224 | CVE: CVE-2007-3003;OSVDB-38345 | OSVDB-ID: |
| Author: ls@calima.serapis.net | Published: 2007-05-31 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/24249/info myBloggie is prone to an SQL-injection vulnerability. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This issue affects myBloggie 2.1.6 and earlier. http://www.example.com/apppath/index.php?mode=viewuser&cat_id=' http://www.example.com/apppath/index.php?mode=viewuser&month_no=4&year="