BlognPlus 'index.php' Multiple SQL Injection Vulnerabilities

Bugtraq ID:	30104
Class:	Input Validation Error
CVE:	CVE-2008-3090
Remote:	Yes
Local:	No
Published:	Jul 04 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Tan Chew Keong
Vulnerable:	Blogn BlognPlus 2.5.5
Not Vulnerable:

BlognPlus 'index.php' Multiple SQL Injection Vulnerabilities

BlognPlus is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including BlognPlus 2.5.5 are vulnerable.

BlognPlus 'index.php' Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

BlognPlus 'index.php' Multiple SQL Injection Vulnerabilities

Solution:
The vendor has released BlognPlus 2.5.6 to address these issues. Please see the references for more information.

BlognPlus 'index.php' Multiple SQL Injection Vulnerabilities

References: