Vulnerabilities > Mywebland

DATE CVE VULNERABILITY TITLE RISK
2009-04-07 CVE-2008-6650 Permissions, Privileges, and Access Controls vulnerability in Mywebland Minibloggie 1.0
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
network
low complexity
mywebland CWE-264
5.0
2008-11-10 CVE-2008-5004 SQL Injection vulnerability in Mywebland Bloggie Lite 0.0.2
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
network
low complexity
mywebland CWE-89
7.5
2008-10-22 CVE-2008-4650 SQL Injection vulnerability in Mywebland Myevent 1.6
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
network
low complexity
mywebland CWE-89
7.5
2008-10-22 CVE-2008-4644 Permissions, Privileges, and Access Controls vulnerability in Mywebland Mystats
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
network
low complexity
mywebland CWE-264
7.5
2008-10-22 CVE-2008-4643 SQL Injection vulnerability in Mywebland Mystats
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
network
low complexity
mywebland CWE-89
7.5
2008-10-21 CVE-2008-4628 SQL Injection vulnerability in Mywebland Minibloggie 1.0
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
network
low complexity
mywebland CWE-89
7.5
2008-07-09 CVE-2008-3080 Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators.
network
high complexity
mywebland CWE-352
5.1
2008-07-09 CVE-2007-3650 Information Exposure vulnerability in Mywebland Mybloggie 2.1.6
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
network
low complexity
mywebland CWE-200
5.0
2008-07-09 CVE-2007-1899 SQL Injection vulnerability in Mywebland Mybloggie 2.1.6
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
network
high complexity
mywebland CWE-89
5.1
2007-06-04 CVE-2007-3003 SQL Injection vulnerability in MyBloggie
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
network
low complexity
mywebland
7.5