Intrusion Prevention

PHP.printLog.php.ID.Parameter.SQL.Injection

Description

It indicates a possible exploit of a SQL injection vulnerability in BrewBlogger.
This flaw is due to an input validation error in the "printLog.php" script that does not validate the "id" parameter before it is used in SQL statements. It could be exploited by malicious people to conduct SQL injection attacks.

Affected Products

BrewBlogger version 1.3.1 and prior.

Impact

The execution of arbitrary SQL commands on the system.

Recommended Actions

Upgrade to BrewBlogger version 1.3.2 :
http://sourceforge.net/projects/brewblogger/

CVE References

CVE-2006-5889