Vulnerabilities > Nibbleblog > Nibbleblog > 4.0.5

DATE CVE VULNERABILITY TITLE RISK
2019-02-11 CVE-2019-7719 Code Injection vulnerability in Nibbleblog 4.0.5
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
network
low complexity
nibbleblog CWE-94
7.5
7.5
2018-09-06 CVE-2018-16604 Code Injection vulnerability in Nibbleblog 4.0.5
An issue was discovered in Nibbleblog v4.0.5.
network
low complexity
nibbleblog CWE-94
6.5
6.5
2018-02-01 CVE-2018-6470 Information Exposure vulnerability in Nibbleblog 4.0.5
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.
network
low complexity
nibbleblog CWE-200
5.0
5.0