3 matches found
CVE-2005-3362
This CVE entry is rejected/not used; refer to CVE-2005-3153.
CVE-2005-3153
Affected software: myBloggie 2.1.3 beta and earlier. Vulnerable component: login.php. Root cause / vector: remote attackers can bypass a whitelist regular expression and perform SQL injection via the username parameter when a null character is present, allowing injection into the query string. Th...
CVE-2005-3153
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a differe...