Description
Multiple vulnerabilities have been identified in Grayscale Blog, which could be exploited by remote attackers to bypass security restrictions, or execute arbitrary SQL queries and scripting code.
The first issue is due to errors in various scripts (e.g. "add_user.php" or "edit_users.php") that do not validate user permissions when performing certain actions, which could be exploited by attackers to manipulate a vulnerable application (e.g. add administrative users).
The second vulnerability is due to input validation errors in various scripts (e.g. "userdetail.php", "jump.php", or "detail.php") when processing certain parameters (e.g. "id"), which could be exploited by malicious people to conduct SQL injection attacks.
The third issue is due to input validation errors in the "scripts/addblog_comment.php" and "detail.php" scripts when processing malformed parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
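The three weakness classes described above map to three server-side controls, sketched here as an added example that is not Grayscale Blog code. The table, column and function names are hypothetical, and the data is constructed in an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);
// Added illustration, not Grayscale Blog source; all names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");

// Issue 1: a privileged action checks the caller's role on the server.
function requireAdmin(array $session): void
{
    if (empty($session['user_id']) || empty($session['is_admin'])) {
        throw new RuntimeException('403: administrator privileges required');
    }
}

function addUser(PDO $db, array $session, string $name, bool $admin): int
{
    requireAdmin($session); // runs before any state change
    $stmt = $db->prepare('INSERT INTO users (name, is_admin) VALUES (?, ?)');
    $stmt->execute([$name, $admin ? 1 : 0]);
    return (int) $db->lastInsertId();
}

// Issue 2: "id" is validated as an integer and bound, never concatenated.
function userDetail(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer is rejected
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Issue 3: user-supplied text is encoded when it is written into HTML.
function renderComment(string $text): string
{
    return '<p>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed inputs exercising each control.
var_dump(userDetail($db, '2'));     // well-formed id
var_dump(userDetail($db, '2abc'));  // non-integer id
echo renderComment('<b>hi</b>'), "\n";
try { addUser($db, ['user_id' => 2, 'is_admin' => 0], 'eve', true); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```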