CVE-2008-2197

Miniweb2 Blog Writer - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by HaCkeR_EgY · textwebappsphp

https://www.exploit-db.com/exploits/5548

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/7586

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/30085

[Exploit] http://www.securityfocus.com/bid/29061

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42220

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5548

Scores

EPSS 0.0058

EPSS Percentile 69.0%

Details

CWE

CWE-89

Status published

Products (1)

miniweb2/blog_writer 2.0

Published May 14, 2008

Tracked Since Feb 18, 2026