Description
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BeyazKurt · textwebappsasp
https://www.exploit-db.com/exploits/3466
References (5)
Core 5
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3466
Patch x_refsource_confirm
http://blog.betaparticle.com/template_permalink.asp?id=134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33997
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0919
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24473
Scores
EPSS
0.0193
EPSS Percentile
83.5%
Details
Status
published
Products (2)
betaparticle/betaparticle_blog
7.0
betaparticle/betaparticle_blog
< 7.0.2
Published
Mar 14, 2007
Tracked Since
Feb 18, 2026