Blog System v1.2 Multiple SQL Injection Vulnerabilities

2005.12.06

Credit: vipsta

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2005-4049

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Blog System v1.2 (http://www.netartmedia.net/blogsystem/)
is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters.

http://[HOST]/index.php?mode=home&cat=-99[SQL CODE]

http://[HOST]/blog.php?user=[USER]&note=-99[SQL CODE]

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Blog System v1.2 Multiple SQL Injection Vulnerabilities

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Blog System v1.2 Multiple SQL Injection Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.