RSS   Vulnerabilities for 'Blogator-script'   RSS

2009-03-16
 
CVE-2008-6473

CWE-255
 

 
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.

 
2008-04-12
 
CVE-2008-1760

CWE-94
 

 
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.

 


Copyright 2024, cxsecurity.com

 

Back to Top