CVE-2007-1434

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:grayscale:grayscale_blog:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:28

Type Values Removed Values Added
References () http://securityreason.com/securityalert/2417 - () http://securityreason.com/securityalert/2417 -
References () http://www.securityfocus.com/archive/1/462441/100/0/threaded - () http://www.securityfocus.com/archive/1/462441/100/0/threaded -
References () http://www.securityfocus.com/bid/22911 - Exploit () http://www.securityfocus.com/bid/22911 - Exploit
References () http://www.vupen.com/english/advisories/2007/0916 - () http://www.vupen.com/english/advisories/2007/0916 -

Information

Published : 2007-03-13 19:19

Updated : 2024-11-21 00:28


NVD link : CVE-2007-1434

Mitre link : CVE-2007-1434

CVE.ORG link : CVE-2007-1434


JSON object : View

Products Affected

grayscale

  • grayscale_blog