vendor:
BlogPHP
by:
IRCRASH
8.8
CVSS
HIGH
SQL Injection/XSS
89, 79
CWE
Product Name: BlogPHP
Affected Version From: V.2
Affected Version To: V.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
BlogPHP V.2 Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS)
BlogPHP V.2 is vulnerable to multiple remote vulnerabilities such as SQL Injection and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The XSS vulnerability can be exploited by sending a malicious script to the vulnerable website. The SQL Injection vulnerability can be exploited by sending a specially crafted SQL query to the vulnerable website.
Mitigation:
To mitigate the XSS vulnerability, input validation should be implemented to ensure that user-supplied data is properly sanitized. To mitigate the SQL Injection vulnerability, parameterized queries should be used instead of dynamic SQL queries.