Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyBloggie 'login.php'SQL注入漏洞
Vulnerability Description
MyBloggie 是一款高级的php/MySql博客系统。 MyBloggie 2.1.3 beta及之前版本的login.php可以使远程攻击者借助空字符后面带SQL的username参数,使白名单检查继续进行而将SQL注入查询字符串,从而绕过白名单正式表达式并进行SQL注入攻击。注: 此问题实际上可能是PHP代码的缺陷。如果是这样的话,则此问题不应当视为myBloggie漏洞。
CVSS Information
N/A
Vulnerability Type
N/A