| Title | chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection |
|---|
| Description | The BlogBook application is vulnerable to SQL injection via the search parameter in the "search.php" script. An unauthenticated attacker can exploit this by submitting a specially crafted search term through a POST request. This allows arbitrary SQL command execution on the backend database, potentially leading to unauthorized access to all database content, data manipulation, and denial of service. |
|---|
| Source | ⚠️ https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20search.php%20search%20Parameter%20SQL%20Injection.md |
|---|
| User | bpy9ft (UID 85221) |
|---|
| Submission | 05/22/2025 09:36 (1 Year ago) |
|---|
| Moderation | 05/31/2025 18:13 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310744 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter /search.php Search denial of service] |
|---|
| Points | 19 |
|---|