Aggregates CVE and security vulnerability intelligence across all battleblog-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk input validation, with potential vendor impact data exposure and vendor impact unexpected behavior across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-1609 | Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | [email protected] | 6.8 | 2.80% | 2009-05-11 | 2026-04-23 |
| CVE-2008-2685 | SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. | [email protected] | 7.5 | 0.35% | 2008-06-12 | 2026-04-23 |
| CVE-2008-2626 | SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter. | [email protected] | 7.5 | 1.00% | 2008-06-10 | 2026-04-23 |
| CVE-2007-0078 | BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | [email protected] | 5.0 | 0.50% | 2007-01-05 | 2026-04-23 |