CVE-2008-0677

Name of the Vulnerable Software and Affected Versions A-Blog version 2

Description The issue allows remote attackers to execute arbitrary SQL commands via the id parameter in a "news" action. This is related to a SQL injection vulnerability in the blog.php file.

Recommendations For A-Blog version 2, avoid using the id parameter in the "news" action until the issue is resolved. As a temporary workaround, consider restricting access to the blog.php file to minimize the risk of exploitation.