PT-2006-1471 · E Moblog · E-Moblog
Aliaksandr Hartsuyeu
·
Published
2006-01-25
·
Updated
2018-10-19
·
CVE-2006-0403
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
e-moBLOG version 1.3
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
monthy parameter to "index.php" or the login parameter to "admin/index.php".Recommendations
For e-moBLOG version 1.3, consider restricting access to the "index.php" and "admin/index.php" endpoints until a fix is available. As a temporary workaround, avoid using the
monthy and login parameters in the affected API endpoints.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E-Moblog