CVE-2007-5572
- EPSS 0.18%
- Published 18.10.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link...
CVE-2006-6032
- EPSS 1.44%
- Published 21.11.2006 23:07:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, di...
CVE-2006-6033
- EPSS 0.71%
- Published 21.11.2006 23:07:00
- Last modified 09.04.2025 00:30:58
Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.ph...
- EPSS 0.44%
- Published 14.04.2005 04:00:00
- Last modified 03.04.2025 01:03:51
Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.