EZ-Blog 'public/view.php' SQL Injection Vulnerability Network Vulnerability

Summary

EZ-Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. EZ-Blog Beta 1 is vulnerable other versions may also be affected.

Solution

Update to newer version if available at http://sourceforge.net/projects/ez-blog/ or set 'magic_quotes_gpc = On' in php.ini.

Severity

Classification

CVE CVE-2009-4805

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe JRun Management Console Multiple Vulnerabilities
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14

Take action and discover your vulnerabilities