CVE-2005-1500
Last modified
CVE-2005-1500 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.. EPSS estimates a 2.54% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mywebland | Mybloggie | 2.1.1 |
| Mywebland | Mybloggie | 2.1.3 |
References
- http://secunia.com/advisories/14980Vendor Advisory
- http://secunia.com/advisories/14980Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-1500?
How severe is CVE-2005-1500?
How do I fix CVE-2005-1500?
Are you affected by CVE-2005-1500?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST