CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence: Low
EPSS
Percentile: 69.8%
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
www.gulftech.org/?node=research&article_id=00120-07312008
www.osvdb.org/50189
www.osvdb.org/50190
www.osvdb.org/50191
www.osvdb.org/50192
www.osvdb.org/50193
www.osvdb.org/50194
www.osvdb.org/50195
www.osvdb.org/50196
www.osvdb.org/50197
www.osvdb.org/50198
www.securityfocus.com/archive/1/494987/100/0/threaded
www.securityfocus.com/bid/30458
exchange.xforce.ibmcloud.com/vulnerabilities/44193
www.exploit-db.com/exploits/6173