2 matches found
SQL injection
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058...
CVE-2005-4058
CVE-2005-4058: A SQL injection vulnerability exists in SaralBlog 1.x and earlier that allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. The CVE entry notes a base score of 7.5 (HIGH) with network attack vector, low complexity, and no authenticatio...