PT-2005-5216 · Eggblog · Eggblog

Published

2005-12-28

Updated

2017-07-20

CVE-2005-4546

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions eggblog version 2.0

Description The issue allows remote attackers to obtain the full path via an invalid q parameter, possibly due to an SQL injection vulnerability, as used by the Keyword and Search fields in the search.php file.

Recommendations For eggblog version 2.0, consider restricting access to the search.php file or validating the q parameter to prevent SQL injection attacks until a patch is available. As a temporary workaround, avoid using the Keyword and Search fields with invalid input.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4546

Affected Products

Eggblog

PT-2005-5216 · Eggblog · Eggblog

CVE-2005-4546

Related Identifiers

Affected Products

References · 7