SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote malicious users to execute arbitrary SQL commands via the tarih parameter.
aspindir xweblog 2.2