Vulnerability Description
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mywebland | Mybloggie | 2.1.3_beta |
References
- http://marc.info/?l=bugtraq&m=112818273307878&w=2
- http://mywebland.com/forums/showtopic.php?t=399
- http://rgod.altervista.org/mybloggie213b.htmlExploit
- http://securityreason.com/securityalert/42
- http://securitytracker.com/id?1014995Exploit
- http://www.osvdb.org/19935
- http://marc.info/?l=bugtraq&m=112818273307878&w=2
- http://mywebland.com/forums/showtopic.php?t=399
- http://rgod.altervista.org/mybloggie213b.htmlExploit
- http://securityreason.com/securityalert/42
- http://securitytracker.com/id?1014995Exploit
- http://www.osvdb.org/19935
FAQ
What is CVE-2005-3153?
CVE-2005-3153 is a vulnerability with a CVSS score of 7.5 (HIGH). login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null characte...
How severe is CVE-2005-3153?
CVE-2005-3153 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3153?
Check the references section above for vendor advisories and patch information. Affected products include: Mywebland Mybloggie.