Battleblog

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2009-1609	0.03	—	0.03	May 11, 2009	Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-2626	0.03	—	0.01	Jun 10, 2008	SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2008-2685	0.00	—	0.00	Jun 12, 2008	SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
CVE-2007-0078	0.00	—	0.01	Jan 5, 2007	BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.

CVE-2009-1609May 11, 2009
risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-2626Jun 10, 2008
risk 0.03cvss —epss 0.01
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2008-2685Jun 12, 2008
risk 0.00cvss —epss 0.00
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
CVE-2007-0078Jan 5, 2007
risk 0.00cvss —epss 0.01
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.