PluggedOut.Blog.Index.PHP.SQL.Injection

description-logoDescription

SQL injection vulnerability in index.php, in PluggedOut Blog 1.9.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.

affected-products-logoAffected Products

PluggedOut Blog 1.9.5
PluggedOut Blog 1.9.4

Impact logoImpact

Arbitrary SQL command execution.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)