Sql injection

2007-03-1400:19:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.132 Low

EPSS

Percentile

95.6%

JSON

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

CPENameOperatorVersion
betaparticle_blogeq7.0
betaparticle_blogle7.0.2

CPE	Name	Operator	Version
	betaparticle_blog	eq	7.0
	betaparticle_blog	le	7.0.2

References

blog.betaparticle.com/template_permalink.asp?id=134

osvdb.org/33997

secunia.com/advisories/24473

www.vupen.com/english/advisories/2007/0919

www.exploit-db.com/exploits/3466