Sql injection

2008-01-1822:00:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.

CPENameOperatorVersion
blog_cmseq4.2.1-c

CPE	Name	Operator	Version
	blog_cms	eq	4.2.1-c

References

blogcms.com/wiki/changelog

secunia.com/advisories/28523

www.securityfocus.com/bid/27317

marc.info/?l=bugtraq&m=120049816924383&w=2

www.exploit-db.com/exploits/4919