|
|
Family: CGI abuses --> Category: infos
bBlog <= 0.7.4 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in bBlog <= 0.7.4
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running bBlog, an open-source blog software
application.
According to its banner, the remote version of this software suffers
from several vulnerabilities:
o A SQL Injection Vulnerability
It is reportedly possible to inject SQL statements through
the 'postid' parameter of the 'index.php' script.
o Multiple Cross-Site Scripting Vulnerabilities
The application fails to properly sanitize user-supplied
input through the blog entry title field and the comment
body text.
See also :
http://www.nessus.org/u?6f0a35ed
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
