Blog\
by Blogcms
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4750 | 0.03 | — | 0.01 | Mar 1, 2011 | Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2010-4749 | 0.03 | — | 0.02 | Mar 1, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php. | |||
| CVE-2008-0359 | 0.03 | — | 0.02 | Jan 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/. | |||
| CVE-2008-0360 | 0.03 | — | 0.01 | Jan 18, 2008 | Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. | |||
| CVE-2006-6552 | 0.03 | — | 0.03 | Dec 14, 2006 | PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | |||
| CVE-2006-6035 | 0.03 | — | 0.02 | Nov 22, 2006 | Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | |||
| CVE-2006-3364 | 0.03 | — | 0.02 | Jul 6, 2006 | SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0450 | 0.00 | — | 0.01 | Jan 25, 2008 | Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/. |
- CVE-2010-4750Mar 1, 2011risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
- CVE-2010-4749Mar 1, 2011risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
- CVE-2008-0359Jan 18, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
- CVE-2008-0360Jan 18, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
- CVE-2006-6552Dec 14, 2006risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter.
- CVE-2006-6035Nov 22, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
- CVE-2006-3364Jul 6, 2006risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0450Jan 25, 2008risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.