Vulnerability Description
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bill Roberts | Bloo | <= 1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29338Vendor Advisory
- http://www.securityfocus.com/bid/28203Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41141
- https://www.exploit-db.com/exploits/5234
- http://secunia.com/advisories/29338Vendor Advisory
- http://www.securityfocus.com/bid/28203Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41141
- https://www.exploit-db.com/exploits/5234
FAQ
What is CVE-2008-1313?
CVE-2008-1313 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, an...
How severe is CVE-2008-1313?
CVE-2008-1313 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1313?
Check the references section above for vendor advisories and patch information. Affected products include: Bill Roberts Bloo.