漏洞信息详情
EasyMoblog 多个SQL注入漏洞
- CNNVD编号:CNNVD-200702-076
- 危害等级: 高危
- CVE编号: CVE-2007-0759
- 漏洞类型: SQL注入
- 发布时间: 2007-02-05
- 威胁类型: 远程
- 更新时间: 2007-02-06
- 厂 商: umberto_caldera
- 漏洞来源: Tal Argoni and Leg...
漏洞简介
EasyMoblog 0.5.1版本中存在多个SQL注入漏洞。远程攻击者可以借助(1)i或(2)对add_comment.php的post_id参数,该参数会引起对libraries.inc.php的注入;或(3)对list_comments.php的i参数,该参数会触发对libraries.inc.php的注入,执行任意SQL指令。
漏洞公告
参考网址
来源: MISC
链接:http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog.txt
来源: MISC
链接:http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt
来源: BID
名称: 22369
链接:http://www.securityfocus.com/bid/22369
来源: SECUNIA
名称: 19370
链接:http://secunia.com/advisories/19370
来源: OSVDB
名称: 33636
链接:http://osvdb.org/33636
来源: FULLDISC
名称: 20070201 Remote Sql Injection in EasyMoblog 0.5.1
链接:http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0054.HTML
来源: FULLDISC
名称: 20070201 Remote Sql Injection in EasyMoblog 0.5.1 # 2
链接:http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0052.HTML
受影响实体
- Umberto_caldera Easymoblog:0.5.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论