Vulnerabilities for Yap blog (...) - CXSECURITY.COM

Vulnerabilities for 'Yap blog'

2009-03-20

CVE-2009-1038

CWE-89

Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.

Copyright 2024, cxsecurity.com