Published: 18/01/2008 Updated: 19/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote malicious users to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.

Affected Products

Vendor Product Versions
Blog CmsBlog Cms4.2.1 C


Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003 Application: Blogcms Versions Affected: Blogcms 421b Vendor URL: blogcmscom/ Bugs: SQL Injestions, SiXSS, XSS Exploits: YES Reported: 15012008 ...