SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
9.8 CVSS
9.7 AI Score
0.002 EPSS
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
9.8 CVSS
9.6 AI Score
0.014 EPSS
m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from the imagecreatefrom* and image* functions were not checked properly. Although PHP issued warnings and the upload function returned false, the original file (which could contain a malicious payload) was kept on the disk. U...
8.8 CVSS
8.7 AI Score
0.041 EPSS