Vulnerabilities > Sphpblog > Sphpblog > 0.4.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-21 | CVE-2006-6033 | Directory Traversal vulnerability in Sphpblog 0.4.8 Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. | 7.5 |
2006-11-21 | CVE-2006-6032 | Cross-Site Scripting vulnerability in Sphpblog 0.4.8 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. network sphpblog | 6.8 |