RSS   Vulnerabilities for 'Qdblog'   RSS

2007-04-26
 
CVE-2007-2305

 

 
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

 
 
CVE-2007-2304

 

 
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.

 


Copyright 2024, cxsecurity.com

 

Back to Top