Simplog

Simplog

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-4091

Exploit
  • EPSS 3.27%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

6.8

CVE-2009-4092

Exploit
  • EPSS 0.37%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords.

4.3

CVE-2009-4093

Exploit
  • EPSS 2.08%
  • Veröffentlicht 29.11.2009 13:07:34
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.

7.5

CVE-2006-5398

  • EPSS 1.67%
  • Veröffentlicht 18.10.2006 23:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

6.8

CVE-2006-4058

  • EPSS 1.63%
  • Veröffentlicht 10.08.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party inf...

5.8

CVE-2006-2028

  • EPSS 8.04%
  • Veröffentlicht 26.04.2006 00:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory trav...

6.4

CVE-2006-2029

  • EPSS 2.23%
  • Veröffentlicht 26.04.2006 00:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php...

7.5

CVE-2006-1776

  • EPSS 22.79%
  • Veröffentlicht 13.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter.

7.5

CVE-2006-1777

  • EPSS 18.55%
  • Veröffentlicht 13.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PH...

7.5

CVE-2006-1778

  • EPSS 4.42%
  • Veröffentlicht 13.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive....