2 matches found
Sql injection
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog QDBlog 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...
CVE-2007-2305
The CVE-2007-2305 entry concerns multiple SQL injection flaws in the Quick and Dirty Blog (QDBlog) 0.4 (and possibly earlier) within the authenticated path. Specifically, the vulnerability resides in authenticate.php, where the (1) username and (2) password parameters can be manipulated to execut...