3 matches found
CVE-2018-16604
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes e.g., "$phpinfo"...
CVE-2018-16604
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes e.g., "$phpinfo"...
CVE-2018-16604
Nibbleblog v4.0.5 is affected. The issue allows an attacker with admin credentials to execute arbitrary PHP code by exploiting the username field, which is surrounded by double quotes (e.g., "${phpinfo()}"). Root cause is improper handling of the admin username leading to code execution. Impact i...