PluggedOut.Blog.Index.PHP.SQL.Injection
Description
SQL injection vulnerability in index.php, in PluggedOut Blog 1.9.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
Affected Products
PluggedOut Blog 1.9.5
PluggedOut Blog 1.9.4
Impact
Arbitrary SQL command execution.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |