CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

EUVD-2019-17251

Malware in sbrugna...

EUVD-2015-6898

Malware in sbrugna...

EUVD-2020-16103

Malware in sbrugna...

EUVD-2014-8822

Malware in sbrugna...

EUVD-2018-8411

Malware in sbrugna...

EUVD-2018-18226

Malware in sbrugna...

CVE-2020-23356

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

CVE-2015-6967

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/myimage/image.php...

CVE-2018-16604

An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes e.g., "$phpinfo"...

CVE-2015-6966

Multiple cross-site request forgery CSRF vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that 1 create a post via a newsimple action to admin.php or 2 conduct cross-site scripting XSS attacks via the content parameter i...

CVE-2020-23356

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

Design/Logic Flaw

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

CVE-2020-23356

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

CVE-2020-23356

NIBBLEBLOG 3.7.1c contains a login bypass due to type juggling: PHP code uses == instead of === for password comparison, mishandling hashes starting with 0e followed by digits. This allows bypass via non-strict comparison in admin/kernel/api/login.class.php. Documents identify the issue and affec...

Dignajar Nibbleblog Authorization Issues Vulnerability

Dignajar Nibbleblog is a Php-based blogging system by the individual developer Dignajar. A security vulnerability exists in nibbleblog v3.7.1c, which stems from the use of == instead of === for password hashes...

Design/Logic Flaw

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...