RSS   Vulnerabilities for 'Yap blog'   RSS

2009-03-20
 
CVE-2009-1038

CWE-89
 

 
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.

 


Copyright 2021, cxsecurity.com

 

Back to Top