Description
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
Affected products
- betaparticle / betaparticle_blog6.0 – 6.0
- betaparticle / betaparticle_blog3.0 – 3.0
- betaparticle / betaparticle_blog4.0 – 4.0
- betaparticle / betaparticle_blog5.0 – 5.0
References
- MISC: http://www.osvdb.org/23966
- MISC: http://www.securityfocus.com/archive/1/428082
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/1000
- MISC: http://www.nukedx.com/?viewdoc=20
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/25327
- VENDOR_ADVISORY: http://secunia.com/advisories/19292
- MISC: http://securityreason.com/securityalert/600
- MISC: http://blog.betaparticle.com/UserFiles/File/6fix.txt
- MISC: http://www.securityfocus.com/bid/17148
- MISC: http://securitytracker.com/id?1015788
- MISC: http://www.osvdb.org/23965