ID de Prueba:	1.3.6.1.4.1.25623.1.0.15466
Categoría:	Web application abuses
Título:	bBlog SQL injection flaw
Resumen:	The remote server runs a version of bBlog which is as old as or; older than version 0.7.4.
Descripción:	Summary: The remote server runs a version of bBlog which is as old as or older than version 0.7.4. Vulnerability Insight: The remote version of this software is affected by a SQL injection attacks in the script 'rss.php'. This issue is due to a failure of the application to properly sanitize user-supplied input. Vulnerability Impact: An attacker may use these flaws to execute arbitrary PHP code on this host or to take the control of the remote database. Solution: Upgrade to version 0.7.4 or newer. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1570 BugTraq ID: 11303 http://www.securityfocus.com/bid/11303 Bugtraq: 20041001 SQL Injection vulnerability in bBlog 0.7.3 (Google Search) http://marc.info/?l=bugtraq&m=109665351632048&w=2 http://www.servers.co.nz/security/SCN200409-1.php http://secunia.com/advisories/12691 XForce ISS Database: bblog-array-sql-injection(17552) https://exchange.xforce.ibmcloud.com/vulnerabilities/17552
Copyright	Copyright (C) 2004 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.