CVE-2007-1434 Information

Description

SQL injection vulnerability in Grayscale Blog 0.8.0 and possibly earlier versions might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php id and (2) url parameter to (b) jump.php and id variable to (c) detail.php.

Reference

http://securityreason.com/securityalert/2417
http://www.securityfocus.com/archive/1/462441/100/0/threaded
http://www.securityfocus.com/bid/22911
http://www.vupen.com/english/advisories/2007/0916
