Vulnerabilities > CVE-2007-1432 - Input Validation vulnerability in Grayscale Blog

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
grayscale
exploit available

Summary

Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.

Vulnerable Configurations

Part Description Count
Application
Grayscale
1

Exploit-Db

descriptionGrayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns. CVE-2007-1432,CVE-2007-1433,CVE-2007-1434. Webapps exploit for php platform
idEDB-ID:3447
last seen2016-01-31
modified2007-03-09
published2007-03-09
reporterOmni
sourcehttps://www.exploit-db.com/download/3447/
titleGrayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns