CVE-2007-1434 - SQL-Injection vulnerability in Grayscale Blog
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via (a) the id parameter to userdetail.php, (b) the id and url parameters to jump.php, and (c) the id variable to detail.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns. CVE-2007-1432,CVE-2007-1433,CVE-2007-1434. Webapps exploit for php platform |
id | EDB-ID:3447 |
last seen | 2016-01-31 |
modified | 2007-03-09 |
published | 2007-03-09 |
reporter | Omni |
source | https://www.exploit-db.com/download/3447/ |
title | Grayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns |