Blogphp
by Blogphp
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6745 | 0.03 | — | 0.02 | Apr 23, 2009 | index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | ||
| CVE-2008-6631 | 0.03 | — | 0.01 | Apr 7, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679. | ||
| CVE-2008-0678 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | ||
| CVE-2008-0679 | 0.03 | — | 0.04 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||
| CVE-2008-2524 | 0.00 | — | 0.00 | Jun 3, 2008 | BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. |
- CVE-2008-6745Apr 23, 2009risk 0.03cvss —epss 0.02
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
- CVE-2008-6631Apr 7, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
- CVE-2008-0678Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
- CVE-2008-0679Feb 12, 2008risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
- CVE-2008-2524Jun 3, 2008risk 0.00cvss —epss 0.00
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.