Submit #582904: chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection

Title: chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection
Description: A SQL injection vulnerability exists within a core post management interface of the BlogBook application, likely controlled by a source GET parameter (e.g., when source is edit_post or a default view). When a p_id GET parameter is provided, its value (stored as $edit_post_id) is directly concatenated into an SQL query (SELECT * FROM posts WHERE post_id={$edit_post_id}) without proper sanitization. This allows an attacker, potentially needing specific privileges to access this administrative functionality, to inject and execute arbitrary SQL commands, leading to unauthorized data access or manipulation.
Source: https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20posts.php%20edit_post%20p_id%20Parameter%20SQL%20Injection.md
User: bpy9ft (UID 85221)
Submission: 05/22/2025 07:50 (1 Year ago)
Moderation: 05/31/2025 18:13 (9 days later)
Status: Accepted
VulDB entry: 310742 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter edit_post.php edit_post_id sql injection]
Points: 20
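The pattern the description reports, beside a parameterized rewrite, as an added illustration that is not BlogBook's own code. The table and column names follow the description; the `mysqli` connection and the two function names are assumptions.

```php
<?php
// Added illustration (not BlogBook's code): the concatenation pattern the
// submission describes, beside a hardened version. $conn is an assumed mysqli
// connection; table/column names follow the description.

function vulnerable_load_post(mysqli $conn, array $get): ?array
{
    // Untrusted p_id flows straight into the query string: whatever the
    // client sends becomes part of the SQL text.
    $edit_post_id = $get['p_id'];
    $sql = "SELECT * FROM posts WHERE post_id={$edit_post_id}";
    $result = $conn->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

function safe_load_post(mysqli $conn, array $get): ?array
{
    // Validate first: post_id is an integer key, so anything that is not a
    // positive integer is rejected before the database is touched.
    $edit_post_id = filter_var(
        $get['p_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($edit_post_id === false) {
        return null;
    }
    // Prepared statement: the value is bound as data and never parsed as SQL.
    $stmt = $conn->prepare("SELECT * FROM posts WHERE post_id = ?");
    $stmt->bind_param('i', $edit_post_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}
```

Keep both the validation and the prepared statement: the integer check also removes the need to know which privilege level reaches this interface, since no string input is accepted at all.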
