CVE-2011-5110 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
John Geo	Blogs Manager

Configuration 1 [-]

cpe:2.3:a:john_geo:blogs_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html
http://osvdb.org/77250
http://osvdb.org/77251
http://osvdb.org/77252
http://osvdb.org/77253
http://osvdb.org/77254
http://osvdb.org/77255
http://osvdb.org/77256
http://osvdb.org/77257
http://osvdb.org/77258
http://osvdb.org/77259
http://osvdb.org/77260
http://secunia.com/advisories/46918
http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881
http://www.exploit-db.com/exploits/18129
http://www.securityfocus.com/archive/1/520571/100/0/threaded
http://www.securityfocus.com/bid/50731
https://exchange.xforce.ibmcloud.com/vulnerabilities/71401

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-23T20:00:00

Updated: 2024-08-07T00:23:40.244Z

Reserved: 2012-08-23T00:00:00

Link: CVE-2011-5110

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-23T20:55:02.530

Modified: 2024-11-21T01:33:39.613

Link: CVE-2011-5110

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20111118 Blogs manager <= 1.101 SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"}, {"name": "77255", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77255"}, {"name": "77256", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77256"}, {"name": "77259", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77259"}, {"name": "77251", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77251"}, {"name": "77257", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77257"}, {"name": "77258", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77258"}, {"name": "blogsmanager-searchfield-sql-injection(71401)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"}, {"name": "18129", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18129"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"}, {"name": "77252", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77252"}, {"name": "77260", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77260"}, {"name": "77254", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77254"}, {"name": "20111119 Blogs manager <= 1.101 SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"}, {"name": "50731", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50731"}, {"name": "77250", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77250"}, {"name": "77253", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77253"}, {"name": "46918", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46918"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20111118 Blogs manager <= 1.101 SQL Injection Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"}, {"name": "77255", "refsource": "OSVDB", "url": "http://osvdb.org/77255"}, {"name": "77256", "refsource": "OSVDB", "url": "http://osvdb.org/77256"}, {"name": "77259", "refsource": "OSVDB", "url": "http://osvdb.org/77259"}, {"name": "77251", "refsource": "OSVDB", "url": "http://osvdb.org/77251"}, {"name": "77257", "refsource": "OSVDB", "url": "http://osvdb.org/77257"}, {"name": "77258", "refsource": "OSVDB", "url": "http://osvdb.org/77258"}, {"name": "blogsmanager-searchfield-sql-injection(71401)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"}, {"name": "18129", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18129"}, {"name": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881", "refsource": "MISC", "url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"}, {"name": "77252", "refsource": "OSVDB", "url": "http://osvdb.org/77252"}, {"name": "77260", "refsource": "OSVDB", "url": "http://osvdb.org/77260"}, {"name": "77254", "refsource": "OSVDB", "url": "http://osvdb.org/77254"}, {"name": "20111119 Blogs manager <= 1.101 SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"}, {"name": "50731", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50731"}, {"name": "77250", "refsource": "OSVDB", "url": "http://osvdb.org/77250"}, {"name": "77253", "refsource": "OSVDB", "url": "http://osvdb.org/77253"}, {"name": "46918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46918"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:40.244Z"}, "title": "CVE Program Container", "references": [{"name": "20111118 Blogs manager <= 1.101 SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"}, {"name": "77255", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77255"}, {"name": "77256", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77256"}, {"name": "77259", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77259"}, {"name": "77251", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77251"}, {"name": "77257", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77257"}, {"name": "77258", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77258"}, {"name": "blogsmanager-searchfield-sql-injection(71401)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"}, {"name": "18129", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18129"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"}, {"name": "77252", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77252"}, {"name": "77260", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77260"}, {"name": "77254", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77254"}, {"name": "20111119 Blogs manager <= 1.101 SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"}, {"name": "50731", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50731"}, {"name": "77250", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77250"}, {"name": "77253", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77253"}, {"name": "46918", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46918"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5110", "datePublished": "2012-08-23T20:00:00", "dateReserved": "2012-08-23T00:00:00", "dateUpdated": "2024-08-07T00:23:40.244Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:john_geo:blogs_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F24AFB20-DA51-4F7E-8DB3-8F9C52803031", "versionEndIncluding": "1.101", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Blogs Manager v1.101 y anteriores que permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro SearchField en una acci\u00f3n de b\u00fasqueda con (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/."}], "id": "CVE-2011-5110", "lastModified": "2024-11-21T01:33:39.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-23T20:55:02.530", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77250"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77251"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77252"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77253"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77254"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77255"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77256"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77257"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77258"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77259"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/77260"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46918"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18129"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50731"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/77260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://sourceforge.net/tracker/?func=detail&aid=3506818&group_id=219284&atid=1045881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/520571/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71401"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}