CVE-2008-2184

Toocharger Smartblog - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5535

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/30057

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42190

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42245

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29043

Scores

EPSS 0.0027

EPSS Percentile 50.0%

Details

CWE

CWE-89

Status published

Products (1)

toocharger/smartblog 1.3

Published May 13, 2008

Tracked Since Feb 18, 2026