PT-2005-4913 · Mybloggie · Mybloggie

Published: 2005-12-14 · Updated: 2018-10-19 · CVE-2005-4225

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.3 beta

Description: Multiple SQL injection flaws allow remote attackers to execute arbitrary SQL commands via parameters in several PHP files: category in add.php; cat_desc in addcat.php; level and user in adduser.php; post_id in del.php; cat_id in delcat.php; comment_id in delcomment.php; id in deluser.php; post_id and category in edit.php; cat_id and cat_desc in editcat.php; and id, level, and user in edituser.php.

Recommendations: For myBloggie version 2.1.3 beta, until a patch is available, temporarily restrict access to the affected PHP files and their vulnerable parameters (category, cat_desc, level, user, post_id, cat_id, comment_id and id), and do not pass untrusted input to these parameters until the issue is resolved.
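Restricting access is a stopgap; the durable fix for every parameter listed above is to validate the input type and bind it through a prepared statement. The following is an added example, not myBloggie's code: a hypothetical del.php-style handler in the injectable form the advisory describes, beside a hardened version, plus the same treatment for a string parameter like cat_desc from editcat.php (table and column names are assumed).

```php
<?php
// Added example (not myBloggie's code). Table/column names are assumed.

// Vulnerable pattern: the request parameter is concatenated straight into the
// SQL text, so whatever the client sends is parsed as part of the statement.
function delete_post_vulnerable(mysqli $db, array $get): bool
{
    $sql = "DELETE FROM posts WHERE post_id = " . $get['post_id'];
    return $db->query($sql) !== false;
}

// Hardened pattern: validate the parameter's type first, then bind it as a
// value with a prepared statement so it can never be interpreted as SQL.
function delete_post_hardened(mysqli $db, array $get): bool
{
    // post_id must be a positive integer; reject anything else before any SQL runs.
    $postId = filter_var(
        $get['post_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($postId === false) {
        http_response_code(400);
        return false;
    }

    $stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $postId); // 'i' binds the value as an integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Same pattern for a free-text parameter such as cat_desc in editcat.php:
// the string is bound as a value, never spliced into the query text.
function update_category_hardened(mysqli $db, int $catId, string $catDesc): bool
{
    $stmt = $db->prepare('UPDATE categories SET cat_desc = ? WHERE cat_id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $catDesc, $catId); // string, then integer placeholder
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

The handlers should additionally enforce that the caller is authenticated and authorised for the delete or edit, which is a separate check from the injection fix.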

Fix


Related Identifiers

CVE-2005-4225

Affected Products

Mybloggie