Vulnerabilities > Wheatblog

DATE CVE VULNERABILITY TITLE RISK
2007-07-04 CVE-2007-3557 SQL Injection vulnerability in Wheatblog 1.1
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
network
wheatblog
6.8
2007-02-12 CVE-2006-7002 Cross-Site Scripting vulnerability in Wheatblog 1.1
Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field.
network
wheatblog
4.3
2006-11-15 CVE-2006-5922 Information Disclosure vulnerability in Wheatblog
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
network
low complexity
wheatblog
5.0
2006-11-15 CVE-2006-5921 HTML Injection vulnerability in WheatBlog
Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields.
network
wheatblog
5.8
2006-10-10 CVE-2006-5195 HTML Injection vulnerability in Wheatblog 1.0/1.1
Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
wheatblog
6.8
2006-08-17 CVE-2006-4198 Remote File Include vulnerability in Wheatblog 1.0
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.
network
high complexity
wheatblog
5.1