2 matches found
Sql injection
Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter, or 2 the term parameter in a search action. NOTE: the currentsubsection parameter is already covered by CVE-2007-3889...
CVE-2007-3889
Affected: Insanely Simple Blog 0.5 and earlier. Vulnerability: multiple SQL injection weaknesses allowing remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. Root cause: improper input handling enabling injection. Imp...