CVE-2008-1626

Published: Apr 2, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.

Affected (1)

Products: Eggblog: Eggblog

Eggblog

1 product

Eggblog

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eggblog Eggblog	Up to 4.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (10)

http://eggblog.net/news.php?id=39

Source: cve@mitre.org

Patch

http://secunia.com/advisories/29583

Source: cve@mitre.org

Vendor Advisory

http://sourceforge.net/project/showfiles.php?group_id=155425&package_id=173141&release_id=587701

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/28497

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/41512

Source: cve@mitre.org

http://eggblog.net/news.php?id=39