CVE-2007-1445

Name of the Vulnerable Software and Affected Versions BP Blog versions 7.0 through 7.0.2

Description The issue concerns a SQL injection vulnerability in the theme preview feature of the default.asp file. This vulnerability allows remote attackers to execute arbitrary SQL commands by manipulating the layout parameter in the API endpoint.

Recommendations For BP Blog versions 7.0 through 7.0.2, consider restricting access to the theme preview feature until a patch is available. As a temporary workaround, avoid using the layout parameter in the default.asp file to minimize the risk of exploitation.