2 matches found
WebspotBlogging login.php远程SQL注入漏洞
BUGTRAQ ID: 16319 CVECAN ID: CVE-2006-0324 WebspotBlogging是一款PHP编写的Blog程序。 WebspotBlogging对用户提交给的参数缺少正确充分的过滤,远程攻击者可以利用此漏洞非授权操作数据库绕过认证。 WebspotBlogging的login.php脚本对用户提交username参数数据缺少充分过滤,远程攻击者可以通过在输入数据中插入特定的SQL命令来非授权获取对数据库的访问。 WebspotBlogging WebspotBlogging 3.0 WebspotBlogging ---------------...
CVE-2006-0324
WebspotBlogging 3.0 is affected by a SQL injection in the login.php username parameter that allows remote attackers to bypass authentication and execute arbitrary SQL commands due to insufficient input filtering. Impact is authentication bypass and potential database access. The issue is tied to ...