Vulnerabilities > Mywebland > High

DATE CVE VULNERABILITY TITLE RISK
2008-11-10 CVE-2008-5004 SQL Injection vulnerability in Mywebland Bloggie Lite 0.0.2
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
network
low complexity
mywebland CWE-89
7.5
7.5
2008-10-22 CVE-2008-4650 SQL Injection vulnerability in Mywebland Myevent 1.6
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
network
low complexity
mywebland CWE-89
7.5
7.5
2008-10-22 CVE-2008-4644 Permissions, Privileges, and Access Controls vulnerability in Mywebland Mystats
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
network
low complexity
mywebland CWE-264
7.5
7.5
2008-10-22 CVE-2008-4643 SQL Injection vulnerability in Mywebland Mystats
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
network
low complexity
mywebland CWE-89
7.5
7.5
2008-10-21 CVE-2008-4628 SQL Injection vulnerability in Mywebland Minibloggie 1.0
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
network
low complexity
mywebland CWE-89
7.5
7.5
2007-06-04 CVE-2007-3003 SQL Injection vulnerability in MyBloggie
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
network
low complexity
mywebland
7.5
7.5
2006-08-11 CVE-2006-4083 Remote Security vulnerability in Myevent 1.2/1.3
PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040.
network
low complexity
mywebland
7.5
7.5
2006-08-09 CVE-2006-4042 SQL Injection vulnerability in Mywebland Mybloggie
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
network
low complexity
mywebland CWE-89
7.5
7.5
2006-08-09 CVE-2006-4040 Remote File Include vulnerability in myEvent Myevent.PHP
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
network
low complexity
mywebland
7.5
7.5
2006-07-27 CVE-2006-3905 SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
network
low complexity
mywebland
7.5
7.5