Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2670

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2670
Last Modified 29 Jan 2009 01:50:54
Published 11 Jun 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2670

Summary

Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.

Vulnerable Systems

Application

  • Insanelysimple2 Isblog 0.5


References

BID - 29630

BUGTRAQ - 20080610 [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities

MILW0RM - 5774

SREASON - 3938

MISC - http://chroot.org/exploits/chroot_uu_010


Last Updated: 27 May 2016 10:47:56