CVE-2005-2838
Published 2005-09-07
Priority P434 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.38% (68.6th percentile)
SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mywebland | mybloggie | — | — |
| mywebland | mybloggie | — | — |
| mywebland | mybloggie | — | — |
GHSA
GHSA-f8v4-f26h-67pp: login
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3153 [HIGH] GHSA-f8v4-f26h-67pp: login
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
GHSA
GHSA-rp7w-mfr7-m79h: SQL injection vulnerability in login
ghsa_unreviewed·2022-05-01
CVE-2005-2838 [HIGH] GHSA-rp7w-mfr7-m79h: SQL injection vulnerability in login
SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
GHSA
GHSA-65vm-wjw5-2x4h: Multiple "potential" SQL injection vulnerabilities in myBloggie 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4225 [HIGH] GHSA-65vm-wjw5-2x4h: Multiple "potential" SQL injection vulnerabilities in myBloggie 2
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://glide.stanford.edu/yichen/research/sec.pdf
http://marc.info/?l=bugtraq&m=112607358831963&w=2
http://mywebland.com/forums/showtopic.php?t=399
http://secunia.com/advisories/16699
http://www.securityfocus.com/archive/1/419280/100/0/threaded
http://www.securityfocus.com/bid/14739
https://exchange.xforce.ibmcloud.com/vulnerabilities/22162