CVE-2008-6805 Information

Description

Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3 when magic_quotes_gpc is disabled allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php the (2) user parameter to login.php and the (3) site parameter to register.php.

Reference

http://secunia.com/advisories/32310 http://www.osvdb.org/49186 http://www.osvdb.org/49187 http://www.osvdb.org/49188 http://www.securityfocus.com/bid/31787 https://exchange.xforce.ibmcloud.com/vulnerabilities/45932 https://www.exploit-db.com/exploits/6764