Vulnerabilities > Nibbleblog

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-27	CVE-2020-23356	Unspecified vulnerability in Nibbleblog 3.7.1C dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. network low complexity nibbleblog	7.5
2019-02-11	CVE-2019-7719	Code Injection vulnerability in Nibbleblog 4.0.5 Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. network low complexity nibbleblog CWE-94 critical	9.8
2018-09-06	CVE-2018-16604	Code Injection vulnerability in Nibbleblog 4.0.5 An issue was discovered in Nibbleblog v4.0.5. network low complexity nibbleblog CWE-94	7.2
2018-02-01	CVE-2018-6470	Information Exposure vulnerability in Nibbleblog 4.0.5 Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. network low complexity nibbleblog CWE-200	5.3

Vulnerabilities > Nibbleblog {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nibbleblog"}]}