CVE-2007-4919

JBlog - SQL Injection

Description

Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by s4mi · perl · webapps · php
https://www.exploit-db.com/exploits/4408

exploitdb WORKING POC VERIFIED
by s4mi · html · webapps · php
https://www.exploit-db.com/exploits/4211

Scores

EPSS 0.0057
EPSS Percentile 68.8%

Details

CWE CWE-89
Status published
Products (1) jblog/jblog 1.0
Published Sep 17, 2007
Tracked Since Feb 18, 2026