SQL injection vulnerability in comments.asp in LBlog 1.05 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
lblog lblog 1.05