Mywebland

Mybloggie

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-2859

Exploit
  • EPSS 1.71%
  • Veröffentlicht 06.06.2006 20:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multi...

4.3

CVE-2006-2269

Exploit
  • EPSS 0.42%
  • Veröffentlicht 09.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.

4.3

CVE-2006-1205

Exploit
  • EPSS 1.35%
  • Veröffentlicht 14.03.2006 01:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable...

7.5

CVE-2005-4225

  • EPSS 2.12%
  • Veröffentlicht 14.12.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user para...

7.5

CVE-2005-3153

Exploit
  • EPSS 0.48%
  • Veröffentlicht 05.10.2005 22:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but...

7.5

CVE-2005-2838

  • EPSS 0.82%
  • Veröffentlicht 07.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5

CVE-2005-1500

Exploit
  • EPSS 1.3%
  • Veröffentlicht 11.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, t...

7.5

CVE-2005-1499

Exploit
  • EPSS 1.71%
  • Veröffentlicht 11.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.

4.3

CVE-2005-1498

Exploit
  • EPSS 4.97%
  • Veröffentlicht 11.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, w...

5

CVE-2005-1497

  • EPSS 0.39%
  • Veröffentlicht 11.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.