Intrusion Prevention

ICBlogger.Devam.ASP.SQL.Injection

Description

ICBlogger has a SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database by sending a specially crafted HTTP request to the "devam.asp" script that injects SQL statements through the "YID" parameter.

Affected Products

ICBlogger version 2.0 and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.icblogger.com/
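
Since no patch is listed, web server logs can be screened for requests to "devam.asp" whose "YID" value is not a plain integer. This is an added example, not part of the original advisory or of ICBlogger; it assumes YID is a numeric identifier (the advisory does not state its type), and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: YID is a numeric record id; the advisory does not state its type.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Request line as it appears in a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def yid_values(target):
    """Return the decoded YID values if the request targets devam.asp, else None."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/devam.asp"):
        return None
    # ASP parameter names are case-insensitive, so compare in lower case.
    return [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() == "yid"]

def is_suspicious(target):
    """True when devam.asp receives a YID that is not exactly one integer."""
    values = yid_values(target)
    if not values:  # another script, or devam.asp without a YID parameter
        return False
    # Duplicates are flagged as well: classic ASP joins repeated parameters
    # with ", ", so the value reaching the query is no longer a bare integer.
    return len(values) > 1 or not NUMERIC_ID.fullmatch(values[0])

def scan(lines):
    """Return 1-based line numbers of log entries that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(number)
    return hits

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /devam.asp?YID=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "GET /default.asp?page=2 HTTP/1.1" 200 3011',
    '198.51.100.7 - - [01/Jan/2024:10:01:10 +0000] "GET /devam.asp?YID=12%27%20OR%20%271%27=%271 HTTP/1.1" 500 812',
    '198.51.100.7 - - [01/Jan/2024:10:01:12 +0000] "GET /Devam.asp?yid=12&YID=13 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /devam.asp?YID=7 HTTP/1.1" 200 4990',
]

if __name__ == "__main__":
    for number in scan(SAMPLE_LOG):
        print(f"review line {number}: {SAMPLE_LOG[number - 1]}")
```

The same integer-only rule can be enforced in front of the application (reverse proxy or WAF) rather than only reported after the fact.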

CVE References

CVE-2006-4597