Vulnerabilities > Wuzly

DATE | CVE | VULNERABILITY TITLE | RISK

2011-12-24 | CVE-2011-3839 | Permissions, Privileges, and Access Controls vulnerability in Wuzly 2.0 | 7.5
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.
network, low complexity, wuzly, CWE-264

2011-12-24 | CVE-2011-3838 | SQL Injection vulnerability in Wuzly 2.0 | 7.5
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php.
network, low complexity, wuzly, CWE-89

2011-12-24 | CVE-2011-3837 | Path Traversal vulnerability in Wuzly 2.0 | 6.8
Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a ..
network, wuzly, CWE-22

2011-12-24 | CVE-2011-3836 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzly 2.0 | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors.
network, wuzly, CWE-352

2011-12-24 | CVE-2011-3835 | Cross-Site Scripting vulnerability in Wuzly 2.0 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter to media.php in admin/; the sidebar parameter to (12) add_widget.php and (13) widgets.php, id parameter to (14) category_delete.php, (15) comment.php, (16) page_delete.php, and (17) post_delete.php, (18) type parameter to media.php, and (19) id and (20) sidebar parameter to widget_delete.php in mobile/; and the (21) name, (22) email, (23) website, and (24) comment parameters to index.php; and the (25) username parameter to admin/login.php.
network, wuzly, CWE-79