Unrated severityNVD Advisory· Published Mar 13, 2007· Updated Apr 23, 2026

CVE-2007-1434

Description

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.

Affected products

Grayscale/Grayscale Blog
cpe:2.3:a:grayscale:grayscale_blog:*:*:*:*:*:*:*:*
Range: <=0.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/22911nvdExploit
securityreason.com/securityalert/2417nvd
www.securityfocus.com/archive/1/462441/100/0/threadednvd
www.vupen.com/english/advisories/2007/0916nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000