CVE-2007-1445 Information

Description

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

Reference

http://blog.betaparticle.com/template_permalink.asp?id=134 http://osvdb.org/33997 http://secunia.com/advisories/24473 http://www.vupen.com/english/advisories/2007/0919 https://www.exploit-db.com/exploits/3466