Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-5110
Last Modified 24 Aug 2012 12:00:00
Published 23 Aug 2012 04:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5110

Summary

Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.

Vulnerable Systems

Application

  • John Geo Blogs Manager 1.101


References

XF - blogsmanager-searchfield-sql-injection(71401)

BID - 50731

BUGTRAQ - 20111119 Blogs manager <= 1.101 SQL Injection Vulnerability

EXPLOIT-DB - 18129

MISC - http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881

SECUNIA - 46918

OSVDB - 77260

OSVDB - 77259

OSVDB - 77258

OSVDB - 77257

OSVDB - 77256

OSVDB - 77255

OSVDB - 77254

OSVDB - 77253

OSVDB - 77252

OSVDB - 77251

OSVDB - 77250

FULLDISC - 20111118 Blogs manager <= 1.101 SQL Injection Vulnerability


Last Updated: 27 May 2016 11:00:18