CVE-2007-3003

myBloggie < 2.1.6 - SQL Injection via cat_id or year Parameter

Title source: llm
STIX 2.1

Description

Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.

Exploits (1)

exploitdb WORKING POC VERIFIED
by [email protected] · textwebappsphp
https://www.exploit-db.com/exploits/30111

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34627
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2769
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470112/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24249
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38345

Scores

EPSS 0.0058
EPSS Percentile 69.1%

Details

Status published
Products (1)
mywebland/mybloggie < 2.1.6
Published Jun 04, 2007
Tracked Since Feb 18, 2026