Vulnerabilities > CVE-2007-2305 - Unspecified vulnerability in Qdblog
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN qdblog
exploit available
Summary
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | QDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities. CVE-2007-2304,CVE-2007-2305. Webapps exploit for php platform |
| file | exploits/php/webapps/3729.txt |
| id | EDB-ID:3729 |
| last seen | 2016-01-31 |
| modified | 2007-04-13 |
| platform | php |
| port | |
| published | 2007-04-13 |
| reporter | Omni |
| source | https://www.exploit-db.com/download/3729/ |
| title | qdblog 0.4 SQL Injection/lfi Multiple Vulnerabilities |
| type | webapps |
References
- http://osvdb.org/35746
- http://osvdb.org/35746
- http://www.securityfocus.com/bid/23485
- http://www.securityfocus.com/bid/23485
- http://www.vupen.com/english/advisories/2007/1387
- http://www.vupen.com/english/advisories/2007/1387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33631
- https://www.exploit-db.com/exploits/3729
- https://www.exploit-db.com/exploits/3729