Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2009-1038
Last Modified: 02 Apr 2009 01:45:38
Published: 20 Mar 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2009-1038

Summary

Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.

Vulnerable Systems

Application

  • Yap Blog 1.1.1


References

BID - 34274

MILW0RM - 8217

OSVDB - 52762

OSVDB - 52761


Last Updated: 27 May 2016 10:50:26