2 matches found
CVE-2008-4072
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via 1 the sid parameter in a pickup action or 2 the sqlcid parameter, different vectors than CVE-2008-3588...
CVE-2008-4072
CVE-2008-4072 affects phsBlog 0.2 via SQL injection in index.php, exploitable through the sid parameter (pickup action) or the sql_cid parameter. The root cause, as stated, is unsafe SQL construction allowing remote attackers to insert arbitrary SQL. The connected documents do not provide concret...