BilboBlog

CVEs (4)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2008-3302	BilboBlog BilboBlog	0.03	—	0.02	Jul 25, 2008	SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
CVE-2008-3303	BilboBlog BilboBlog	0.03	—	0.05	Jul 25, 2008	admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
CVE-2008-3301	BilboBlog BilboBlog	0.03	—	0.02	Jul 25, 2008	Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to…
CVE-2008-3304	BilboBlog BilboBlog	0.03	—	0.06	Jul 25, 2008	BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.

CVE-2008-3302Jul 25, 2008
BilboBlog
BilboBlog
risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
CVE-2008-3303Jul 25, 2008
BilboBlog
BilboBlog
risk 0.03cvss —epss 0.05
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
CVE-2008-3301Jul 25, 2008
BilboBlog
BilboBlog
risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to…
CVE-2008-3304Jul 25, 2008
BilboBlog
BilboBlog
risk 0.03cvss —epss 0.06
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.