YAP : Security Vulnerabilities, CVEs,
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
Max CVSS
6.5
EPSS Score
0.12%
Published
2009-03-20
Updated
2017-09-29
1 vulnerabilities found