CVE-2005-3153
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2005-3153
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
MyBloggie 'login.php'SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MyBloggie 是一款高级的php/MySql博客系统。 MyBloggie 2.1.3 beta及之前版本的login.php可以使远程攻击者借助空字符后面带SQL的username参数,使白名单检查继续进行而将SQL注入查询字符串,从而绕过白名单正式表达式并进行SQL注入攻击。注: 此问题实际上可能是PHP代码的缺陷。如果是这样的话,则此问题不应当视为myBloggie漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2005-3153
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2005-3153
Please Login to view more intelligence information
- http://rgod.altervista.org/mybloggie213b.htmlx_refsource_MISC
- http://mywebland.com/forums/showtopic.php?t=399x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2005-3153
Same Patch Batch · n/a · 2005-10-05 · 25 CVEs total
| CVE-2005-3144 | SBLim-SFCB畸形Header拒绝服务漏洞 | |
| CVE-2005-3156 | EasyGuppy 'printfaq.php'目录遍历漏洞 | |
| CVE-2005-3155 | MailEnable IMAP超长邮箱名W3C日志记录溢出漏洞 | |
| CVE-2005-3154 | BitDefender Antivirus Logging Function格式化字符串漏洞 | |
| CVE-2005-3152 | CubeCart 多个跨站脚本攻击漏洞 | |
| CVE-2005-3151 | Blender 命令行处理缓冲区溢出漏洞 | |
| CVE-2005-3150 | Weex Log_Flush() 函数远程格式化字符串漏洞 | |
| CVE-2005-3149 | UIM LibUIM 环境变量特权提升漏洞 | |
| CVE-2005-3148 | StoreBackup symbolic links 权限设置漏洞 | |
| CVE-2005-3147 | StoreBackup 备份根目录 敏感信息泄露漏洞 | |
| CVE-2005-3146 | StoreBackup不安全临时文件创建漏洞 | |
| CVE-2005-3145 | Sblim-sfcb 'htpAdapter.c' 拒绝服务漏洞 | |
| CVE-2005-0023 | Gnome-PTY-Helper UTMP主机名欺骗漏洞 | |
| CVE-2005-3143 | 4D WebStar Remote IMAP 拒绝服务漏洞 | |
| CVE-2005-3142 | Kaspersky Anti-Virus Library CAB Record 远程堆溢出漏洞 | |
| CVE-2005-3141 | Cerulean Studios Trillian 反向连接 拒绝服务漏洞 | |
| CVE-2005-3140 | Procom Technology NetFORCE 800信息泄露漏洞 | |
| CVE-2005-3139 | Bugzilla User-Matching信息泄露漏洞 | |
| CVE-2005-3138 | Bugzilla config.cgi 信息泄露漏洞 | |
| CVE-2005-3137 | GNU CFEngine 不安全临时文件创建漏洞 |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2005-3153
No comments yet