CVE-2007-1445

Description

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

Affected products

• betaparticle / betaparticle_blog7.0.2
• betaparticle / betaparticle_blog7.0 – 7.0

References

• EXPLOIThttps://www.exploit-db.com/exploits/3466
• MISChttp://blog.betaparticle.com/template_permalink.asp?id=134
• MISChttp://osvdb.org/33997
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0919
• VENDOR_ADVISORYhttp://secunia.com/advisories/24473