CVE-2009-3718

Name of the Vulnerable Software and Affected Versions Battle Blog versions 1.25 through 1.30 build 2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the UserName parameter in the "admin/authenticate.asp" endpoint.

Recommendations For Battle Blog versions 1.25 through 1.30 build 2, avoid using the UserName parameter in the "admin/authenticate.asp" endpoint until the issue is resolved. Consider temporarily restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.