VYPR

Sflog

by Sflog

CVEs (2)

  • CVE-2012-10042HigAug 8, 2025
    risk 0.65cvss epss 0.01

    Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file…

  • CVE-2008-0703Feb 12, 2008
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.