CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-1626

SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v2 Score 7.5

References

http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152
http://www.securityfocus.com/bid/34729
https://www.exploit-db.com/exploits/8547
http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152
http://www.securityfocus.com/bid/34729
https://www.exploit-db.com/exploits/8547

Products affected by CVE-2009-1626

Will Kraft » Ez-Blog » Version: Any

cpe:2.3:a:will_kraft:ez-blog:*
Will Kraft » Ez-Blog » Version: N/A

cpe:2.3:a:will_kraft:ez-blog:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-1626

Products

Pricing

Contact Us