cpe:/a:yap:yap_blog:1.1.1 CVE-2009-1038 2009-03-20T14:30:00.407-04:00 2017-09-28T21:34:07.997-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-23T08:54:00.000-04:00 BID 34274 OSVDB 52761 OSVDB 52762 EXPLOIT-DB 8217 Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.