- Home
- CVEs with nessus.description==The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files.
The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticated attacker to uncover sensitive information such as password hashes, modify data, launch attacks against the underlying database, etc.
Note that successful exploitation is possible regardless of PHP's 'magic_quotes_gpc' setting.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top