CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4054

HIGH
7.5
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile34.62th
Published2005年12月7日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.

Affected Platforms (CPE)

📦
Pluggedout

Pluggedout Blog

<= 1.9.4
📦
Pluggedout

Pluggedout Blog

= 1.9.5

References & Advisories

🔗 http://pridels0.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html
🔗 http://secunia.com/advisories/17911
🔗 http://www.osvdb.org/21480
🔗 http://www.securityfocus.com/bid/15746
🔗 http://www.vupen.com/english/advisories/2005/2750
🔗 http://pridels0.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html
🔗 http://secunia.com/advisories/17911
🔗 http://www.osvdb.org/21480

関連する脆弱性情報

CVE-2006-05637.5

SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via th...

CVE-2006-05624.3

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web ...

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2005-000210.0

poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, whi...