Vulnerabilities > Battleblog > Battleblog

DATE CVE VULNERABILITY TITLE RISK
2008-06-12 CVE-2008-2685 SQL Injection vulnerability in Battleblog
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
network
low complexity
battleblog CWE-89
7.5
7.5
2008-06-10 CVE-2008-2626 SQL Injection vulnerability in Battleblog 1.05/1.0D/1.20
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
network
low complexity
battleblog CWE-89
7.5
7.5
2007-01-05 CVE-2007-0078 Information Disclosure vulnerability in Battleblog 1.0D
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
network
low complexity
battleblog
5.0
5.0