CVE-2010-4855

UNRATEDJSON export Create alert

Description

SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.

Affected products

aspindir / xweblog2.2 – 2.2

References

EXPLOIThttp://www.exploit-db.com/exploits/15218
EXPLOIThttp://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt
MISChttp://securityreason.com/securityalert/8414
VENDOR_ADVISORYhttp://secunia.com/advisories/41708