CVE-2007-1899
Published 2008-07-09
Priority: P431 · medium · CVSS 2.0: 5.1
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.92% (55.8th percentile)
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mywebland | mybloggie | — | — |
GHSA
GHSA-94xg-xrqj-c42f: Cross-site request forgery (CSRF) vulnerability in admin
ghsa_unreviewed · 2022-05-01 · CVSS 5.1 · CVE-2008-3080 [MEDIUM] CWE-352
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
GHSA
GHSA-m3hf-57g9-r49x: Multiple SQL injection vulnerabilities in myWebland myBloggie 2
ghsa_unreviewed · 2022-05-01 · CVE-2007-1899 [MEDIUM] CWE-89
http://descriptions.securescout.com/tc/17969
http://secunia.com/advisories/30892
http://www.netvigilance.com/advisory0040
https://www.exploit-db.com/exploits/5975