CVE-2008-2669

Name of the Vulnerable Software and Affected Versions yBlog version 0.2.2.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the q parameter to the "search.php" endpoint, or the n parameter to the "user.php" or "uss.php" endpoints.

Recommendations For yBlog version 0.2.2.2, as a temporary workaround, consider restricting access to the "search.php", "user.php", and "uss.php" endpoints until a patch is available. Avoid using the q parameter in the "search.php" endpoint and the n parameter in the "user.php" and "uss.php" endpoints until the issue is resolved.