Vulnerabilities > Drumster
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-14 | CVE-2007-2661 | SQL Injection vulnerability in Drumster Blogme 3.0 SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | 7.5 |
2006-11-20 | CVE-2006-5976 | Input Validation vulnerability in Drumster Blogme 3.0 Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. | 7.5 |
2006-11-20 | CVE-2006-5975 | Input Validation vulnerability in Drumster Blogme 3.0 Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field. network drumster | 6.8 |