CVE-2007-6577

zBlog 1.2 - SQL Injection via categ or article Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6577. PoCs published by Houssamix.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in zBlog v1.2, allowing an attacker to extract admin credentials (username, password, and email) via crafted UNION-based SQL queries in the 'categ' and 'article' parameters.

Description

Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.

Exploits (1)

exploitdb (working PoC, verified)
by Houssamix · text · webapps · php
https://www.exploit-db.com/exploits/4772

Classification
Working PoC: 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: zBlog v1.2
Authentication: none needed
Prerequisites: Target must be running zBlog v1.2 with default or known table prefix
Analyzed by devstral-2, Feb 18, 2026

References (5)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/39239
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/39774
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/26994
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/39775
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/4772

Scores

EPSS: 0.0102
EPSS Percentile: 58.8%

Details

CWE: CWE-89
Status: published
Products (1): zsuite/zblog 1.2
Published: Dec 28, 2007
Tracked Since: Feb 18, 2026