{"result": {"osvdb": [{"id": "OSVDB:24385", "type": "osvdb", "title": "wpBlog index.php postid Variable SQL Injection", "description": "## Vulnerability Description\nwpBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'postid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Technical Description\nThis vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nwpBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'postid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.wireplastik.com/\nSecurity Tracker: 1015951\n[Secunia Advisory ID:19538](https://secuniaresearch.flexerasoftware.com/advisories/19538/)\nOther Advisory URL: http://evuln.com/vulns/119/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0349.html\nKeyword: EV0119\nISS X-Force ID: 25628\nFrSIRT Advisory: ADV-2006-1238\n[CVE-2006-1639](https://vulners.com/cve/CVE-2006-1639)\nBugtraq ID: 17381\n", "published": "2006-04-04T05:02:36", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:24385", "cvelist": ["CVE-2006-1639"], "lastseen": "2017-04-28T13:20:21"}]}}