QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-1038

Back to search

CVE-2009-1038

Published: Mar 20, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

8217
exploit
x_refsource_EXPLOIT-DB
52762
vdb-entry
x_refsource_OSVDB
52761
vdb-entry
x_refsource_OSVDB
34274
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now