Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. BlogPHP version 2.0 was released to fix the config.php exploit and is available for download at <a href"http://sourceforge.net/project/showfiles.php?group_id156043">http://sourceforge.net/project/showfiles.php?group_id156043</a>.
Publication date: Mon, 23 Jan 2006 02:03:00 +0000