- Description
- Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:8pixel.net:simple_blog:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F539872D-187C-4421-9886-BB909FABB1ED",
"versionEndIncluding": "2.1"
}
],
"operator": "OR"
}
]
}
]