3 matches found
CVE-2005-4054
CVE-2005-4054 describes a SQL injection vulnerability in index.php of PluggedOut Blog 1.9.5 and earlier. The issue allows remote attackers to inject arbitrary SQL commands through the parameters (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day. The connected documents confirm the aff...
CVE-2006-0563
PluggedOut Blog 1.9.9c has a SQL injection vulnerability in exec.php, exploitable via the entryid parameter in the comment_add action. This allows remote attackers to execute arbitrary SQL commands. The vulnerability is rated HIGH (CVSS v2 base score 7.5) by NVD, but the provided documents do not...
CVE-2006-0562
The CVE-2006-0562 entry describes a Cross-site Scripting (XSS) vulnerability in PluggedOut Blog 1.9.9c, where an attacker can inject arbitrary web script or HTML through the data parameter of problem.php. The vulnerability enables an attacker to execute script in a user’s browser, with the impact...