Vulnerabilities > Mywebland > Mybloggie
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-09 | CVE-2008-3080 | Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6 Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. | 5.1 |
| 2008-07-09 | CVE-2007-3650 | Information Exposure vulnerability in Mywebland Mybloggie 2.1.6 myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | 5.0 |
| 2008-07-09 | CVE-2007-1899 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.6 Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | 5.1 |
| 2007-06-04 | CVE-2007-3003 | SQL Injection vulnerability in MyBloggie Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | 7.5 |
| 2007-01-19 | CVE-2007-0353 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.5 Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. network mywebland | 6.8 |
| 2006-08-09 | CVE-2006-4043 | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
| 2006-08-09 | CVE-2006-4042 | SQL Injection vulnerability in Mywebland Mybloggie Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | 7.5 |
| 2006-07-27 | CVE-2006-3905 | SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. | 7.5 |
| 2006-07-27 | CVE-2006-3903 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. network mywebland | 5.8 |
| 2006-05-09 | CVE-2006-2269 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. network mywebland | 4.3 |