Vulnerabilities > Blogphp

DATE CVE VULNERABILITY TITLE RISK
2009-04-23 CVE-2008-6745 Improper Input Validation vulnerability in Blogphp 2.0
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
network
low complexity
blogphp CWE-20
7.5
2009-04-07 CVE-2008-6631 Cross-Site Scripting vulnerability in Blogphp 2.0
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
network
blogphp CWE-79
4.3
2008-06-03 CVE-2008-2524 Improper Authentication vulnerability in Blogphp 2.0
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
network
low complexity
blogphp CWE-287
5.0
2008-02-12 CVE-2008-0679 Cross-Site Scripting vulnerability in Blogphp 2.0
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network
blogphp CWE-79
4.3
2008-02-12 CVE-2008-0678 SQL Injection vulnerability in Blogphp 2.0
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
network
blogphp CWE-89
6.8