KEVIntel
PRO Back to KEVs
7.5
CVSS
High

CVE-2009-1481

PUBLISHED

SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the...

Not yet in CISA KEV

Exploited in the wild Remote Low complexity
Vendor
PuterJam
Product
PJBlog3
Published
Apr 29, 2009
EPSS

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Scores

CVSS v2.0 7.5 High

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation Status

Exploited in the wild

Recorded 2009-04-29 18:06:00 UTC · CVE

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2009-04-29 18:06 UTC

Timeline

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved