ZeroWdd MyBlog XML Injection Vulnerability in BlogMapper.xml

Vulnerability

A critical XML injection vulnerability has been identified in ZeroWdd MyBlog version 1.0. The issue arises in the BlogMapper.xml file, specifically within the findBlogList and getTotalBlogs functions. This vulnerability allows SQL commands to be injected without authorization and can be exploited remotely.

Impact

Exploitation of this vulnerability allows unauthorized SQL injection, which could be used to manipulate database queries and potentially read or modify sensitive data.

Reproduction

The vulnerability can be reproduced by sending a request to the admin blogs list endpoint. Include a crafted keyword parameter that exploits the XML injection flaw, such as one that uses the extractvalue function to extract database information.
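The following is an added example and not code from ZeroWdd MyBlog: it reconstructs the flaw class this advisory describes in a constructed MyBatis mapper, assuming (as is typical for MyBatis keyword searches of this kind) that the findBlogList and getTotalBlogs statements splice the keyword in with `${}`, which inlines the raw string into the SQL text, whereas `#{}` binds it as a prepared-statement parameter. The `find_dollar_substitutions` helper is a review check a defender can run over mapper files to flag every statement that still uses `${}`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed approximation of the vulnerable mapper (assumption: the real
# BlogMapper.xml inlines the keyword parameter with ${}).
VULNERABLE_MAPPER = """<mapper namespace="com.example.blog.mapper.BlogMapper">
  <select id="findBlogList" resultType="Blog">
    SELECT id, title FROM blog
    WHERE title LIKE '%${keyword}%'
    ORDER BY create_time DESC
  </select>
  <select id="getTotalBlogs" resultType="int">
    SELECT COUNT(*) FROM blog WHERE title LIKE '%${keyword}%'
  </select>
</mapper>
"""

# Hardened form: #{} makes the keyword a bound parameter, and the LIKE
# wildcards are added by CONCAT in SQL, so user input never becomes SQL text.
FIXED_MAPPER = VULNERABLE_MAPPER.replace(
    "'%${keyword}%'", "CONCAT('%', #{keyword}, '%')")

# ${name} or ${ name } anywhere inside a statement body.
DOLLAR_SUBST = re.compile(r"\$\{\s*([A-Za-z_][\w.]*)\s*\}")
STATEMENT_TAGS = {"select", "insert", "update", "delete", "sql"}


def find_dollar_substitutions(mapper_xml: str) -> dict:
    """Return {statement id: [parameter names spliced in with ${...}]}.

    Any hit is a candidate SQL injection unless the value is validated
    against a strict allowlist (e.g. a column name used in ORDER BY,
    which cannot be bound with #{} and must be checked by other means).
    """
    root = ET.fromstring(mapper_xml)
    findings = {}
    for stmt in root:
        if stmt.tag not in STATEMENT_TAGS:
            continue
        # itertext() also covers SQL nested inside <if>/<where>/<trim> tags.
        body = "".join(stmt.itertext())
        names = DOLLAR_SUBST.findall(body)
        if names:
            findings[stmt.get("id")] = names
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_dollar_substitutions(VULNERABLE_MAPPER))
    print("fixed:", find_dollar_substitutions(FIXED_MAPPER))
```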

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.