Vulnerabilities > Eggblog > Eggblog

DATE CVE VULNERABILITY TITLE RISK
2011-09-23 CVE-2011-3732 Information Exposure vulnerability in Eggblog 4.1.2
eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php and certain other files.
network
low complexity
eggblog CWE-200
5.0
2008-04-02 CVE-2008-1626 Improper Input Validation vulnerability in Eggblog
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie.
network
low complexity
eggblog CWE-20
7.5
2008-01-09 CVE-2008-0159 SQL Injection vulnerability in Eggblog
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
network
eggblog CWE-89
6.8
2007-11-15 CVE-2007-5980 Cross-Site Scripting vulnerability in Eggblog
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
network
eggblog CWE-79
4.3
2007-06-01 CVE-2007-2978 Link Following vulnerability in Eggblog
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
network
eggblog CWE-59
6.8