Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.