Description
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29583
Patch x_refsource_confirm
http://eggblog.net/news.php?id=39
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41512
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28497
Patch x_refsource_confirm
http://sourceforge.net/project/showfiles.php?group_id=155425&package_id=173141&release_id=587701
Scores
EPSS
0.0182
EPSS Percentile
76.2%
Details
CWE
CWE-20
CWE-89
Status
published
Products (1)
eggblog/eggblog
< 4.0
Published
Apr 02, 2008
Tracked Since
Feb 18, 2026