CVE-2007-3557 - SQL Injection vulnerability in Wheatblog 1.1
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

network
wheatblog
Summary
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. Successful exploitation of this vulnerability requires that "register_globals" is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://osvdb.org/37063
- http://secunia.com/advisories/25903
- http://securityreason.com/securityalert/2856
- http://www.securityfocus.com/archive/1/472575/100/0/threaded
- http://www.securityfocus.com/bid/24715
- http://www.vupen.com/english/advisories/2007/2405
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35211