RSS   Podatności dla 'Blogphp'   RSS

2009-04-23
 
CVE-2008-6745

 
 
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.

 
2009-04-07
 
CVE-2008-6631

 
 
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.

 
2008-06-03
 
CVE-2008-2524

CWE-287
 
 
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.

 
2008-02-11
 
CVE-2008-0679

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

 
 
CVE-2008-0678

CWE-89
 
 
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.

 

Copyright 2024, cxsecurity.com

 

Back to Top