CVE-2008-2184

Toocharger Smartblog - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5535

View on exploitdb

References (4)

[Vendor Advisory] http://secunia.com/advisories/30057

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42190

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42245

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29043

Scores

EPSS 0.0027

EPSS Percentile 49.7%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

toocharger/smartblog

Timeline

Published May 13, 2008

Tracked Since Feb 18, 2026