CVE-2009-0968 – fMoblog <= 2.1 - SQL Injection

https://notcve.org/view.php?id=CVE-2009-0968

SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en fmoblog.php en el plugin fMoblog 2.1 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" a "index.php". NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. The fMoblog plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://www.exploit-db.com/exploits/8229 http://osvdb.org/52836 http://secunia.com/advisories/34341 http://www.securityfocus.com/bid/34147 http://www.vupen.com/english/advisories/2009/0752 https://exchange.xforce.ibmcloud.com/vulnerabilities/49296 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •