SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
https://www.exploit-db.com/exploits/5731
https://exchange.xforce.ibmcloud.com/vulnerabilities/42818
http://www.vupen.com/english/advisories/2008/1737/references
http://www.securityfocus.com/bid/29507
http://www.davethewebguy.com/battleblog/article.asp?entry=24