Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2008-6077

Published: 06/02/2009 Updated: 29/09/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Loudblog

Vulnerability Summary

SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and previous versions allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.

Vulnerable Product Search on Vulmon Subscribe to Product

loudblog loudblog 0.7

loudblog loudblog

loudblog loudblog 0.8.0

loudblog loudblog 0.5

loudblog loudblog 0.6

Exploits

Exploit DB: LoudBlog 0.8.0a - 'ajax.php' SQL Injection
#!/usr/bin/perl # This Exploit requires a valid user name and password of an account regardless of the permissions # # Author: Xianur0 # Affected: All Versions # Bug: SQL Injection # # Doorks: # allintext: "powered by LoudBlog" use HTTP::Request::Common qw(POST); use LWP::UserAgent; use Digest::MD5 qw(md5_hex); $ua = LWP::UserAgent-> ...

References

CWE-89http://www.securityfocus.com/bid/31878http://secunia.com/advisories/32378https://exchange.xforce.ibmcloud.com/vulnerabilities/46045https://www.exploit-db.com/exploits/6808https://nvd.nist.govhttps://www.exploit-db.com/exploits/6808/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook