CVE-2007-1445 - SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2

CVE-2007-1445

Summary

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

References

http://blog.betaparticle.com/template_permalink.asp?id=134
http://osvdb.org/33997
http://secunia.com/advisories/24473
http://www.vupen.com/english/advisories/2007/0919
https://www.exploit-db.com/exploits/3466

Vulnerable Configurations

cpe:2.3:a:betaparticle:betaparticle_blog:7.0:*:*:*:*:*:*:*
cpe:2.3:a:betaparticle:betaparticle_blog:7.0:*:*:*:*:*:*:*
cpe:2.3:a:betaparticle:betaparticle_blog:*:*:*:*:*:*:*:*
cpe:2.3:a:betaparticle:betaparticle_blog:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://blog.betaparticle.com/template_permalink.asp?id=134
exploit-db	3466
osvdb	33997
secunia	24473
vupen	ADV-2007-0919

Last major update

19-10-2017 - 01:30

Published

14-03-2007 - 00:19

Last modified

19-10-2017 - 01:30