CVE-2008-6805

Micgr Mic Blog - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · phpwebappsphp

https://www.exploit-db.com/exploits/6764

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/32310

[Exploit] http://www.securityfocus.com/bid/31787

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6764

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45932

[Third Party Advisory, VDB Entry] http://www.osvdb.org/49186

[Third Party Advisory, VDB Entry] http://www.osvdb.org/49187

[Third Party Advisory, VDB Entry] http://www.osvdb.org/49188

Scores

EPSS 0.0069

EPSS Percentile 72.0%

Details

CWE

CWE-89

Status published

Products (1)

micgr/mic_blog 0.0.3

Published May 11, 2009

Tracked Since Feb 18, 2026