CVE-2011-5110

Name of the Vulnerable Software and Affected Versions Blogs Manager versions 1.101 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to various API endpoints, including " authors list.php", " blogs list.php", " category list.php", " comments list.php", " policy list.php", " rate list.php", "categoriesblogs list.php", "chosen authors list.php", "chosen blogs list.php", "chosen comments list.php", and "help list.php" in the "blogs/" directory.

Recommendations For Blogs Manager versions 1.101 and earlier, as a temporary workaround, consider restricting access to the SearchField parameter in the affected API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.