CVE-2009-1038P3MEDIUMCVSS 6.5PoCv1.1.12009-03-20
CVE-2009-1038 [MEDIUM] CWE-89 CVE-2009-1038: Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
nvd