8 matches found
minimal ablog 0.4 (sql/fu/bypass) Multiple Vulnerabilities
No description provided by source. =========================================================================================================== o minimal-ablog 0.4 SQL Injection, File Upload and Admin Bypass Vuln Software : minimal-ablog version 0.4 Vendor : http://www.abweb.co.cc/ Download :...
CVE-2008-6611
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Design/Logic Flaw
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request...
CVE-2008-6613
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request...
Sql injection
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-6611
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-6613
CVE-2008-6613 affects minimal-ablog 0.4, where uploader.php fails to properly restrict access. This allows remote attackers to gain administrative privileges via a direct request. The description and linked references confirm the component and impact but do not provide exploit details, affected v...
CVE-2008-6611
CVE-2008-6611 describes a SQL injection in index.php of Minimal ABlog 0.4, exploitable via the id parameter to execute arbitrary SQL commands. The NVD notes a base score of 7.5 (HIGH) with network attack vector and low complexity, no authentication required, affecting confidentiality, integrity, ...