SQL injection vulnerability in podcast.php in Loudblog prior to 0.42 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
source: wwwsecurityfocuscom/bid/17023/info
Loudblog is prone to multiple input-validation vulnerabilities:
- An SQL-injection vulnerability
- Two local file-include vulnerabilities
- An information-disclosure vulnerability
These issues allow remote attackers to execute arbitrary PHP script code in the context of the hosting webserver ...