CVE-2019-7587

2019-02-0719:29:00

Google

osv.dev

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.6%

JSON

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.

CPENameOperatorVersion
bweq1.0.4
bweq1.6.0-r
bweq1.2.1-r
bweq1.2.1
bweqV1.6.0
bweqV1.1.0
bweq1.0.6
bweq1.0.8-r
bweq1.4.0
bweq1.0.7-r

Name	Operator	Version
bw	eq	1.0.4
bw	eq	1.6.0-r
bw	eq	1.2.1-r
bw	eq	1.2.1
bw	eq	V1.6.0
bw	eq	V1.1.0
bw	eq	1.0.6
bw	eq	1.0.8-r
bw	eq	1.4.0
bw	eq	1.0.7-r

Rows per page:

1-10 of 141

References

c3tsec.wordpress.com/2019/01/12/sql-injection-in-bo-blog-wind-cms/