CVE-2008-3301
- EPSS 0.51%
- Veröffentlicht 25.07.2008 13:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and ...
- EPSS 0.54%
- Veröffentlicht 25.07.2008 13:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
CVE-2008-3303
- EPSS 11.96%
- Veröffentlicht 25.07.2008 13:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
- EPSS 5.23%
- Veröffentlicht 25.07.2008 13:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.