CVE-2011-5110
Blogs Manager < 1.101 - SQL Injection via SearchField Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-5110. PoCs published by muuratsalo.
AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in Blogs Manager <= 1.101 via multiple endpoints. It provides URLs with injectable parameters, confirming the presence of SQLi without including malicious payloads.
Description
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.
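For triage, the following added example (not part of the advisory or of Blogs Manager) scans web access log lines for requests to the eleven listed scripts whose SearchField value is not a plain identifier. It assumes a combined-format access log and that a legitimate SearchField value is a column name; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The eleven scripts under blogs/ named in the CVE description.
AFFECTED = {
    "_authors_list.php", "_blogs_list.php", "_category_list.php",
    "_comments_list.php", "_policy_list.php", "_rate_list.php",
    "categoriesblogs_list.php", "chosen_authors_list.php",
    "chosen_blogs_list.php", "chosen_comments_list.php", "help_list.php",
}
# Assumption: a legitimate SearchField value is a plain column identifier.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]{0,64}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_searchfield(log_line):
    """Return (script, decoded value) when the line is a request to an
    affected script with a non-identifier SearchField, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    directory, _, script = url.path.rpartition("/")
    if script.lower() not in AFFECTED or not directory.lower().endswith("/blogs"):
        return None
    # parse_qsl percent-decodes, so encoded quotes or spaces are caught too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "SearchField" and not SAFE_VALUE.fullmatch(value):
            return script, value
    return None

def scan(lines):
    """Collect every flagged (script, value) pair from an iterable of lines."""
    return [hit for hit in map(suspicious_searchfield, lines) if hit]

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2012:10:00:00 +0000] '
    '"GET /blogs/_authors_list.php?SearchField=name HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2012:10:00:05 +0000] '
    '"GET /blogs/help_list.php?SearchField=title%27 HTTP/1.1" 200 98',
    '203.0.113.9 - - [01/Jan/2012:10:00:09 +0000] '
    '"GET /blogs/index.php?SearchField=x%27 HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    for script, value in scan(SAMPLE_LOG):
        print(f"review: {script} SearchField={value!r}")
```

Only query strings appear in access logs, so a SearchField submitted in a POST body needs request-body logging or a WAF rule to be seen.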