High severity7.2NVD Advisory· Published Sep 6, 2018· Updated Jun 17, 2026
CVE-2018-16604
CVE-2018-16604
Description
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
Affected products
2= 4.0.5+ 1 more
- (no CPE)range: = 4.0.5
- (no CPE)range: = 4.0.5
Patches
Vulnerability mechanics
References
1- github.com/dignajar/nibbleblog/issues/131nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.