RSS   Vulnerabilities for 'BLOG'   RSS

2017-12-28
 
CVE-2017-17950

CWE-89
 

 
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.

 
 
CVE-2017-17949

CWE-79
 

 
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.

 
 
CVE-2017-17948

CWE-79
 

 
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.

 


Copyright 2024, cxsecurity.com

 

Back to Top