DIY-CMS blog mod SQL Injection (CVE-2011-5140)

An SQL injection vulnerability has been reported in DIY-CMS blog mod. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2011-5140

Affected software: DiY-CMS blog module 1.0. Vulnerability type: SQL injection at multiple endpoints via the start parameter (tags.php, list.php, index.php, main_index.php, viewpost.php, archive.php) and via month/year parameters to archive.php; also affects control/approve_comments.php, control/a...