CVE-2007-1432 - Input Validation vulnerability in Grayscale Blog
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns. CVE-2007-1432,CVE-2007-1433,CVE-2007-1434. Webapps exploit for php platform |
id | EDB-ID:3447 |
last seen | 2016-01-31 |
modified | 2007-03-09 |
published | 2007-03-09 |
reporter | Omni |
source | https://www.exploit-db.com/download/3447/ |
title | Grayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns |