vendor: myBloggie
by: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: myBloggie
Affected Version From: 2.1.2006
Affected Version To: 2.1.2006
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SQL Injection vulnerability in myBloggie

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Mitigation:

The vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24249/info

myBloggie is prone to an SQL-injection vulnerability.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

This issue affects myBloggie 2.1.6 and earlier.

http://www.example.com/apppath/index.php?mode=viewuser&cat_id='
http://www.example.com/apppath/index.php?mode=viewuser&month_no=4&year="
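
Added example, not myBloggie's code: the mitigation above applied to the cat_id, month_no and year parameters seen in the request URLs, using PDO prepared statements with integer validation. The posts table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added illustration; the posts table, its columns and the function names are hypothetical.
declare(strict_types=1);

// Return the parameter as an int within [$min, $max], or null if it is absent or malformed.
function int_param(array $query, string $name, int $min, int $max): ?int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Build the WHERE clause from fixed SQL text only; request values travel as bound parameters.
function view_posts(PDO $db, array $query): ?array
{
    $ranges = ['cat_id' => [1, PHP_INT_MAX], 'month_no' => [1, 12], 'year' => [1970, 2100]];
    $where = [];
    $bind = [];
    foreach ($ranges as $name => [$min, $max]) {
        if (!array_key_exists($name, $query)) {
            continue;                       // filter not requested
        }
        $value = int_param($query, $name, $min, $max);
        if ($value === null) {
            return null;                    // malformed input: refuse, run no query
        }
        $where[] = "$name = :$name";        // $name comes from $ranges, never from the request
        $bind[":$name"] = $value;
    }
    $sql = 'SELECT id, subject FROM posts' . ($where ? ' WHERE ' . implode(' AND ', $where) : '') . ' ORDER BY id';
    $stmt = $db->prepare($sql);
    foreach ($bind as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for the application's database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, cat_id INTEGER, month_no INTEGER, year INTEGER, subject TEXT)');
$db->exec("INSERT INTO posts (cat_id, month_no, year, subject) VALUES (1, 4, 2007, 'first'), (2, 5, 2007, 'second')");

// Constructed query strings: one well-formed, two carrying the quote characters from the report.
foreach (['cat_id=1', "cat_id='", 'month_no=4&year="'] as $qs) {
    parse_str($qs, $query);
    $rows = view_posts($db, $query);
    printf("%-20s %s\n", $qs, $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```

Requests whose parameters fail integer validation are refused before any statement is prepared, and well-formed values reach the database only as bound integers.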