chaitak-gorai Blogbook GET Parameter post.php sql injection

CVE Details

Basic Information

Title	chaitak-gorai Blogbook GET Parameter post.php sql injection
Type	cve
Published	2025-06-01T13:00:11.696Z
Last Seen

Product Information

Vendor	chaitak-gorai
Product	Blogbook
Version	92f5cf90f8a7e6566b576fe0952e14e1c6736513

CVSS Information

Base Score	6.9 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description	A critical vulnerability exists in chaitak-gorai Blogbook up to version 92f5cf90f8a7e6566b576fe0952e14e1c6736513. The GET parameter handler in the file /post.php is susceptible to SQL injection via the p_id parameter. This allows remote attackers to execute arbitrary SQL commands. The vulnerability is publicly disclosed and may be exploited. The vendor was contacted but did not respond.
AI Severity	Critical
Vendor	chaitak-gorai
Product	Blogbook
Affected Version	92f5cf90f8a7e6566b576fe0952e14e1c6736513

Additional Information

CVE List
CWE List	CWE-89, CWE-74
Bulletin Family
Source Data	chaitak-gorai Blogbook 92f5cf90f8a7e6566b576fe0952e14e1c6736513

Source Information

Source Data	chaitak-gorai Blogbook 92f5cf90f8a7e6566b576fe0952e14e1c6736513
Source Link

Description

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score Summary

Base Score: 6.9 (MEDIUM)

View Full CVE Details