CVE-2007-1434 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2007-1434

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.

Affected Software

Name	Vendor	Start Version	End Version
Grayscale_blog	Grayscale	*	0.8.0 (including)

References

http://securityreason.com/securityalert/2417
http://www.securityfocus.com/archive/1/462441/100/0/threaded
http://www.securityfocus.com/bid/22911
http://www.vupen.com/english/advisories/2007/0916
http://securityreason.com/securityalert/2417
http://www.securityfocus.com/archive/1/462441/100/0/threaded
http://www.securityfocus.com/bid/22911
http://www.vupen.com/english/advisories/2007/0916