Description
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via (a) the id parameter to userdetail.php, (b) the id and url parameters to jump.php, and (c) the id variable to detail.php.
Exploits (1)
References (4)
Core References
http://www.vupen.com/english/advisories/2007/0916 [Third Party Advisory; vdb-entry; x_refsource_vupen]
http://securityreason.com/securityalert/2417 [Third Party Advisory; third-party-advisory; x_refsource_sreason]
http://www.securityfocus.com/archive/1/462441/100/0/threaded [Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq]
http://www.securityfocus.com/bid/22911 [Exploit; vdb-entry; x_refsource_bid]
Scores
EPSS: 0.0097
EPSS Percentile: 76.7%
Details
Status: published
Products (1): grayscale/grayscale_blog < 0.8.0
Published: Mar 13, 2007
Tracked Since: Feb 18, 2026