SimpleBlog v.3.0 SQL Injection Security VulnerabilityDescriptionInput passed to the "id" parameter in "/admin/approveComment.asp" is not properly sanitised before being used in a SQL query. Various scripts in the "admin" directory do not properly authenticate user requests. Confirmed in versions: 3.0. Other versions may also be affected. Impact Successful exploitation allows an attacker to gain administrative privileges. References Original Advisory Product Homepage View entire list of over 400 known Web Application Vulnerabilities and the specific technologies which they target. See Web Vulnerabilities in popular applications such as: WordPress, Tiki Wiki, PHPNuke, PHPMyAdmin, phpBB, Mambo, PHP-Fusion, Mantis, Invision Power Board Get latest new web vulnerabilities via RSS |
|
