Intrusion Prevention

WBBlog.Parameter.Remote.SQL.Injection

Description

WBBlog has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request with the e_id parameter in a viewentry cmd.

Affected Products

WBBlog

Impact

SQL injection.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2007-1481