CVE-2009-1481

Name of the Vulnerable Software and Affected Versions: PuterJam's Blog (PJBlog3) version 3.0.6.170

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the cname parameter in a "checkAlias" action. This issue has been exploited in the wild.

Recommendations: For version 3.0.6.170, as a temporary workaround, consider restricting access to the action.asp page or disabling the checkAlias action until a patch is available. Avoid using the cname parameter in the affected action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.