3 matches found
E107 BLOG Engine Plugin SQL Injection (CVE-2008-2455)
An SQL injection vulnerability has been reported in E107coders E107 Blog Engine. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Sql injection
SQL injection vulnerability in macgurublogmenu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected...
CVE-2008-2455
CVE-2008-2455: SQL injection in MacGuru BLOG Engine plugin 2.2 for e107, in comment.php via the rid parameter, allowing remote SQL execution. Affected: MacGuru BLOG Engine plugin 2.2 on e107. Base CVSS 7.5 (HIGH) with network attack, low complexity, no authentication. No remediation details provi...