Summary
Psychoblogger is a CMS package aimed at providing weblogs (or 'blogs') with an easy to set up system for editing and authoring the content. One of its scripts contains an SQL injection vulnerability.
An attacker may use this flaw to gain the control of the remote database and create arbitrary accounts.
Solution
Upgrade to the latest version of this CGI suite.
Severity
Classification
-
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- AOLserver Default Password
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
- Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)