CVE-2007-2305

Qdblog < 0.4 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Omni · textwebappsphp

https://www.exploit-db.com/exploits/3729

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33631

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1387

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3729

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23485

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/35746

Scores

EPSS 0.0071

EPSS Percentile 72.4%

Details

Status published

Products (1)

qdblog/qdblog < 0.4

Published Apr 26, 2007

Tracked Since Feb 18, 2026