2 matches found
CVE-2009-0409
SQL injection vulnerability in offlineauth.php in Max.Blog 1.0.6 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0409
CVE-2009-0409 is a SQL injection vulnerability in offline_auth.php of Max.Blog 1.0.6 and earlier. The issue occurs when magic_quotes_gpc is disabled, allowing an attacker to craft a username parameter that leads to arbitrary SQL execution. Affected product: Max.Blog (versions up to 1.0.6). Root c...