3 matches found
CVE-2007-1434
Grayscale Blog 0.8.0 (and possibly earlier) is affected by an SQL injection vulnerability. The vulnerable components are the PHP scripts userdetail.php (parameter id ), jump.php (parameter url ), and detail.php (parameter id ). Root cause: unsafely constructed SQL queries via these inputs, enabli...
CVE-2007-1433
CVE-2007-1433 is an XSS vulnerability affecting Grayscale Blog 0.8.0 (and possibly earlier). The issue arises in comment handling, allowing remote attackers to inject arbitrary web script or HTML via the comment fields in two pages: scripts/addblog_comment.php and detail.php. The NVD entry docume...
CVE-2007-1432
The CVE-2007-1432 entry concerns Grayscale Blog 0.8.0 (and possibly earlier) where remote attackers can gain privileges by sending crafted requests with modified arguments to PHP scripts (add_users.php, addblog.php, editblog.php, editlinks.php, edit_users.php, add_links.php). The underlying issue...