A Blog
Products
2- 25 CVEs
- 1 CVE
Recent CVEs
26| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4917 | 0.03 | — | 0.01 | Oct 8, 2011 | SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter. | |||
| CVE-2008-0676 | 0.03 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | |||
| CVE-2008-0677 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action. | |||
| CVE-2006-6729 | 0.03 | — | 0.02 | Dec 26, 2006 | Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2006-5135 | 0.03 | — | 0.02 | Oct 3, 2006 | Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b)… | |||
| CVE-2006-5092 | 0.03 | — | 0.04 | Sep 29, 2006 | PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter. | |||
| CVE-2005-0945 | 0.03 | — | 0.02 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. | |||
| CVE-2025-32999 | 0.00 | — | 0.00 | May 19, 2025 | Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is… | |||
| CVE-2025-29461 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. | |||
| CVE-2024-31396 | 0.00 | — | 0.00 | May 22, 2024 | Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an… | |||
| CVE-2024-31395 | 0.00 | — | 0.00 | May 22, 2024 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier… | |||
| CVE-2024-30420 | 0.00 | — | 0.00 | May 22, 2024 | Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the… | |||
| CVE-2024-30419 | 0.00 | — | 0.00 | May 22, 2024 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier… | |||
| CVE-2024-27279 | 0.00 | — | 0.01 | Mar 12, 2024 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability… | |||
| CVE-2024-25559 | 0.00 | — | 0.00 | Feb 15, 2024 | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | |||
| CVE-2024-23782 | 0.00 | — | 0.00 | Jan 28, 2024 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier… | |||
| CVE-2024-23348 | 0.00 | — | 0.01 | Jan 23, 2024 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a… | |||
| CVE-2024-23183 | 0.00 | — | 0.00 | Jan 23, 2024 | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a… | |||
| CVE-2024-23182 | 0.00 | — | 0.01 | Jan 23, 2024 | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a… | |||
| CVE-2024-23181 | 0.00 | — | 0.00 | Jan 23, 2024 | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a… |
- CVE-2010-4917Oct 8, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
- CVE-2008-0676Feb 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
- CVE-2008-0677Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
- CVE-2006-6729Dec 26, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-5135Oct 3, 2006risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b)…
- CVE-2006-5092Sep 29, 2006risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.
- CVE-2005-0945May 2, 2005risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
- CVE-2025-32999May 19, 2025risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is…
- CVE-2025-29461Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.
- CVE-2024-31396May 22, 2024risk 0.00cvss —epss 0.00
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an…
- CVE-2024-31395May 22, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier…
- CVE-2024-30420May 22, 2024risk 0.00cvss —epss 0.00
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the…
- CVE-2024-30419May 22, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier…
- CVE-2024-27279Mar 12, 2024risk 0.00cvss —epss 0.01
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability…
- CVE-2024-25559Feb 15, 2024risk 0.00cvss —epss 0.00
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
- CVE-2024-23782Jan 28, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier…
- CVE-2024-23348Jan 23, 2024risk 0.00cvss —epss 0.01
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a…
- CVE-2024-23183Jan 23, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a…
- CVE-2024-23182Jan 23, 2024risk 0.00cvss —epss 0.01
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a…
- CVE-2024-23181Jan 23, 2024risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a…