Intrusion Prevention

PluggedOut.Blog.Index.PHP.SQL.Injection

Description

SQL injection vulnerability in index.php, in PluggedOut Blog 1.9.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.

Affected Products

PluggedOut Blog 1.9.5
PluggedOut Blog 1.9.4

Impact

Arbitrary SQL command execution.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2005-4054