Vulnerabilities > Mywebland > Mybloggie > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-09 | CVE-2008-3080 | Cross-Site Request Forgery (CSRF) vulnerability in Mywebland Mybloggie 2.1.6 Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. | 5.1 |
| 2008-07-09 | CVE-2007-3650 | Information Exposure vulnerability in Mywebland Mybloggie 2.1.6 myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages. | 5.0 |
| 2008-07-09 | CVE-2007-1899 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.6 Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | 5.1 |
| 2007-01-19 | CVE-2007-0353 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.5 Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. network mywebland | 6.8 |
| 2006-08-09 | CVE-2006-4043 | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
| 2006-07-27 | CVE-2006-3903 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. network mywebland | 5.8 |
| 2006-05-09 | CVE-2006-2269 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. network mywebland | 4.3 |
| 2006-03-14 | CVE-2006-1205 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. network mywebland | 4.3 |
| 2005-05-11 | CVE-2005-1498 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. network mywebland | 4.3 |
| 2005-05-11 | CVE-2005-1497 | Information Disclosure vulnerability in Mywebland Mybloggie 2.1.1 index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. | 5.0 |