Battleblog : Security Vulnerabilities, CVEs,
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Max CVSS
6.8
EPSS Score
6.39%
Published
2009-05-11
Updated
2017-09-29
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-06-12
Updated
2017-08-08
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
Max CVSS
7.5
EPSS Score
0.18%
Published
2008-06-10
Updated
2017-09-29
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
Max CVSS
5.0
EPSS Score
0.86%
Published
2007-01-05
Updated
2018-10-16
4 vulnerabilities found