Vulnerabilities > Mywebland
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-07 | CVE-2008-6650 | Permissions, Privileges, and Access Controls vulnerability in Mywebland Minibloggie 1.0 del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628. | 5.0 |
2008-11-10 | CVE-2008-5004 | SQL Injection vulnerability in Mywebland Bloggie Lite 0.0.2 SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie. | 7.5 |
2008-10-22 | CVE-2008-4650 | SQL Injection vulnerability in Mywebland Myevent 1.6 SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter. | 7.5 |
2008-10-22 | CVE-2008-4644 | Permissions, Privileges, and Access Controls vulnerability in Mywebland Mystats hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. | 7.5 |
2008-10-22 | CVE-2008-4643 | SQL Injection vulnerability in Mywebland Mystats SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2008-10-21 | CVE-2008-4628 | SQL Injection vulnerability in Mywebland Minibloggie 1.0 SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | 7.5 |
2008-07-09 | CVE-2008-3080 | Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6 Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. | 5.1 |
2008-07-09 | CVE-2007-3650 | Information Exposure vulnerability in Mywebland Mybloggie 2.1.6 myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | 5.0 |
2008-07-09 | CVE-2007-1899 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.6 Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | 5.1 |
2007-06-04 | CVE-2007-3003 | SQL Injection vulnerability in MyBloggie Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | 7.5 |