Vulnerabilities > Insane Visions > Blogphp > 1.0

DATE CVE VULNERABILITY TITLE RISK
2006-01-22 CVE-2006-0372 SQL Injection vulnerability in Insane Visions Blogphp 1.0
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
network
low complexity
insane-visions
7.5
7.5
2006-01-19 CVE-2006-0318 SQL Injection vulnerability in Insane Visions Blogphp 1.0
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
network
low complexity
insane-visions CWE-89
7.5
7.5