Vulnerabilities > Sphpblog > Sphpblog
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-18 | CVE-2007-5572 | Cross-Site Request Forgery (CSRF) vulnerability in Sphpblog 0.4.9 Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php. | 4.3 |
2006-11-21 | CVE-2006-6033 | Directory Traversal vulnerability in Sphpblog 0.4.8 Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. | 7.5 |
2006-11-21 | CVE-2006-6032 | Cross-Site Scripting vulnerability in Sphpblog 0.4.8 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. network sphpblog | 6.8 |
2005-04-14 | CVE-2005-1136 | Information Disclosure vulnerability in Sphpblog 0.4.0 Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | 5.0 |