CVE-2007-1434

grayscale_blog < 0.8.0 - SQL Injection via id or url Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1434. PoCs published by Omni.

AI-analyzed exploit summary This is a security advisory detailing multiple vulnerabilities in Grayscale Blog 0.8.0, including authentication bypass, XSS, and SQL injection. It provides examples and technical explanations but does not include functional exploit code.

Description

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Omni · textwebappsphp
https://www.exploit-db.com/exploits/3447

This is a security advisory detailing multiple vulnerabilities in Grayscale Blog 0.8.0, including authentication bypass, XSS, and SQL injection. It provides examples and technical explanations but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass | Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Grayscale Blog 0.8.0
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0916
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2417
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462441/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22911

Scores

EPSS 0.0099
EPSS Percentile 58.1%

Details

Status published
Products (1)
grayscale/grayscale_blog < 0.8.0
Published Mar 13, 2007
Tracked Since Feb 18, 2026