Vulnerabilities > Aflog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-29 | CVE-2008-4784 | Improper Authentication vulnerability in Aflog 1.01 aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | 7.5 |
| 2008-01-23 | CVE-2008-0398 | Cross-Site Scripting vulnerability in Aflog Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. | 4.3 |