Vulnerabilities > Blogphp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-23 | CVE-2008-6745 | Improper Input Validation vulnerability in Blogphp 2.0 index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | 7.5 |
2009-04-07 | CVE-2008-6631 | Cross-Site Scripting vulnerability in Blogphp 2.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679. | 4.3 |
2008-06-03 | CVE-2008-2524 | Improper Authentication vulnerability in Blogphp 2.0 BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | 5.0 |
2008-02-12 | CVE-2008-0679 | Cross-Site Scripting vulnerability in Blogphp 2.0 Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2008-02-12 | CVE-2008-0678 | SQL Injection vulnerability in Blogphp 2.0 SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | 6.8 |