Vulnerabilities > Battleblog
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-11 | CVE-2009-1609 | Improper Input Validation vulnerability in Battleblog Battle Blog 1.25 Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | 6.8 |
2008-06-12 | CVE-2008-2685 | SQL Injection vulnerability in Battleblog SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. | 7.5 |
2008-06-10 | CVE-2008-2626 | SQL Injection vulnerability in Battleblog 1.05/1.0D/1.20 SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter. | 7.5 |
2007-01-05 | CVE-2007-0078 | Information Disclosure vulnerability in Battleblog 1.0D BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | 5.0 |