Back to KEVs

CVE-2009-1481

SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 29, 2009
Published Date
April 29, 2009
Last Updated
August 07, 2024
Vendor
PuterJam
Product
PJBlog3
Description
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2009-04-29 18:06:00 UTC) Source

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50082 http://www.securityfocus.com/bid/34701 http://secunia.com/advisories/34897 http://osvdb.org/53939 http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs

Known Exploited Vulnerability Information

Source Added Date
CVE 2009-04-29 18:06:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel