Vulnerabilities > Abweb > Minimal Ablog > 0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-06 | CVE-2008-6613 | Permissions, Privileges, and Access Controls vulnerability in Abweb Minimal-Ablog 0.4 uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | 7.5 |
2009-04-06 | CVE-2008-6612 | Code Injection vulnerability in Abweb Minimal-Ablog 0.4 Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/. | 6.8 |
2009-04-06 | CVE-2008-6611 | SQL Injection vulnerability in Abweb Minimal Ablog 0.4 SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |