Vulnerabilities > Phpblogger
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-03 | CVE-2007-4157 | Information Disclosure vulnerability in PHPblogger PHP-Blogger 2.2.7 PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. | 5.0 |
| 2006-07-11 | CVE-2006-3514 | Cross-Site Scripting vulnerability in PHPblogger PHP-Blogger 2.2.5 Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters. network phpblogger | 4.3 |