[Original text] Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
Ublog Reload contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.asp' script not properly sanitizing user-supplied input to the 'ci', 'd' and 'm' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.
Currently, there are no known workarounds or upgrades to correct this issue. However, Uapplication has released a patch to address this vulnerability.