CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Yap: Security Vulnerabilities

CVE-2009-1038

Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.

CVSS Score

6.5

EPSS Score

0.002

Published

2009-03-20

Page 1

Vulnerabilities

Vulnerable Software

Yap: Security Vulnerabilities

Products

Pricing

Contact Us