CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-2670

Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://chroot.org/exploits/chroot_uu_010
http://securityreason.com/securityalert/3938
http://www.securityfocus.com/archive/1/493224/100/0/threaded
http://www.securityfocus.com/bid/29630
https://www.exploit-db.com/exploits/5774
http://chroot.org/exploits/chroot_uu_010
http://securityreason.com/securityalert/3938
http://www.securityfocus.com/archive/1/493224/100/0/threaded
http://www.securityfocus.com/bid/29630
https://www.exploit-db.com/exploits/5774

Products affected by CVE-2008-2670

Insanelysimple2 » Isblog » Version: 0.5

cpe:2.3:a:insanelysimple2:isblog:0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2670

Products

Pricing

Contact Us