CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4054

HIGH
7.5
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile34.62th
PublishedDec 7, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.

Affected Platforms (CPE)

πŸ“¦
Pluggedout

Pluggedout Blog

<= 1.9.4
πŸ“¦
Pluggedout

Pluggedout Blog

= 1.9.5

References & Advisories

πŸ”— http://pridels0.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html
πŸ”— http://secunia.com/advisories/17911
πŸ”— http://www.osvdb.org/21480
πŸ”— http://www.securityfocus.com/bid/15746
πŸ”— http://www.vupen.com/english/advisories/2005/2750
πŸ”— http://pridels0.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html
πŸ”— http://secunia.com/advisories/17911
πŸ”— http://www.osvdb.org/21480

Related Vulnerabilities

CVE-2006-05637.5

SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via th...

CVE-2006-05624.3

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web ...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...