Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yap yap blog 1.1.1 |