Lucene search
K
Alexander PalmoSimple Php Blog

12 matches found

CVE
CVE
added 2005/08/29 4:0 a.m.70 views

CVE-2005-2733

The CVE-2005-2733 issue affects Simple PHP Blog (SPHPBlog) where upload_img_cgi.php does not properly restrict uploaded file extensions, enabling remote code execution. The vulnerability is documented in NVD with a base score of 7.5 (HIGH) and is evidenced by the SPHPBlog file-upload weakness des...

7.5CVSS7.4AI score0.50888EPSS
Web
CVE
CVE
added 2005/04/16 4:0 a.m.53 views

CVE-2005-1135

The CVE-2005-1135 issue affects Simple PHP Blog (sphpBlog) 0.4.0, where the search.php script’s q parameter is not properly validated, enabling a remote attacker to inject arbitrary web script or HTML (XSS). The vulnerability is confirmed by the primary CVE entry and supports remediation guidance...

4.3CVSS5.8AI score0.01736EPSS
CVE
CVE
added 2005/09/02 4:0 a.m.50 views

CVE-2005-2787

CVE-2005-2787 concerns the Simple PHP Blog application. The description indicates that the script comment_delete_cgi.php is vulnerable: remote attackers can delete arbitrary files via the comment parameter. This fragility is the core of the vulnerability, arising from improper handling of input i...

5CVSS6.9AI score0.05621EPSS
CVE
CVE
added 2005/11/03 2:0 a.m.49 views

CVE-2005-3473

The CVE-2005-3473 entry describes multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog

4.3CVSS6.1AI score0.02177EPSS
CVE
CVE
added 2005/04/16 4:0 a.m.48 views

CVE-2005-1137

Vulnerability CVE-2005-1137 affects Simple PHP Blog (sphpBlog) 0.4.0. The issue arises when an attacker directly requests sb_functions.php and triggers a PHP error message that leaks the full filesystem pathname, exposing sensitive information. This is a server-side information disclosure vulnera...

5CVSS6.6AI score0.01306EPSS
CVE
CVE
added 2007/09/24 11:0 p.m.47 views

CVE-2007-5071

CVE-2007-5071 is an incomplete blacklist vulnerability in Simple PHP Blog. The flaw lies in upload_img_cgi.php on versions before 0.5.1, allowing remote attackers to upload dangerous files (e.g., PHP files or .htaccess) and execute arbitrary code, demonstrated by such filenames. This describes a ...

7.5CVSS7.4AI score0.03021EPSS
CVE
CVE
added 2006/03/15 5:0 p.m.46 views

CVE-2006-1243

CVE-2006-1243 affects Simple PHP Blog (SPB) up to version 0.4.7.1, via install05.php. The vulnerability is a local file inclusion triggered by improper handling of the blog_language parameter, allowing directory traversal and a NUL character to force inclusion of arbitrary local files (demonstrat...

7.5CVSS7.3AI score0.09528EPSS
CVE
CVE
added 2005/02/06 5:0 a.m.45 views

CVE-2005-0214

Simple PHP Blog (SPHPBlog) 0.3.7c is vulnerable to a directory traversal flaw via the entry parameter, enabling remote read/write of arbitrary server files. Root cause is improper sanitization of user input. OpenVAS corroborates a traversal/arbitrary file access issue, with Nessus pointing to com...

5CVSS6.8AI score0.01665EPSS
CVE
CVE
added 2009/12/24 5:0 p.m.45 views

CVE-2009-4421

CVE-2009-4421 affects Simple PHP Blog

6.5CVSS6.8AI score0.01999EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.44 views

CVE-2005-2192

CVE-2005-2192 affects SimplePHPBlog 0.4.0 where password hashes are stored in config/password.txt with insufficient access control. This weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...

5CVSS7.1AI score0.0406EPSS
CVE
CVE
added 2011/12/29 10:0 p.m.40 views

CVE-2011-5029

CVE-2011-5029 affects Simple PHP Blog, version 0.7.0 (and possibly earlier). The vulnerability is a cross-site scripting (XSS) flaw in which an attacker can inject arbitrary web script or HTML via the following parameters: (1) entry parameter to delete.php and (2) category parameter to index.php....

4.3CVSS6.1AI score0.01148EPSS
CVE
CVE
added 2007/09/24 11:0 p.m.37 views

CVE-2007-5072

CVE-2007-5072 affects the Simple PHP Blog (SPHPBlog) prior to version 0.5.1. The root cause is cross-site scripting (XSS) vulnerabilities that occur when register_globals is enabled, allowing remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to files...

4.3CVSS5.9AI score0.01263EPSS
Web