CVE-2009-0968
fMoblog <= 2.1 - SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
Vulnerabilidad de inyección SQL en fmoblog.php en el plugin fMoblog 2.1 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" a "index.php". NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros.
The fMoblog plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-03-17 CVE Published
- 2009-03-18 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://osvdb.org/52836 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49296 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/8229 | 2024-08-07 | |
http://www.securityfocus.com/bid/34147 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/34341 | 2017-09-29 | |
http://www.vupen.com/english/advisories/2009/0752 | 2017-09-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Fahlstad Search vendor "Fahlstad" | Fmoblog Plugin Search vendor "Fahlstad" for product "Fmoblog Plugin" | 2.1 Search vendor "Fahlstad" for product "Fmoblog Plugin" and version "2.1" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|