12 matches found
CVE-2005-2733
The CVE-2005-2733 issue affects Simple PHP Blog (SPHPBlog) where upload_img_cgi.php does not properly restrict uploaded file extensions, enabling remote code execution. The vulnerability is documented in NVD with a base score of 7.5 (HIGH) and is evidenced by the SPHPBlog file-upload weakness des...
CVE-2005-1135
The CVE-2005-1135 issue affects Simple PHP Blog (sphpBlog) 0.4.0, where the search.php script’s q parameter is not properly validated, enabling a remote attacker to inject arbitrary web script or HTML (XSS). The vulnerability is confirmed by the primary CVE entry and supports remediation guidance...
CVE-2005-2787
CVE-2005-2787 concerns the Simple PHP Blog application. The description indicates that the script comment_delete_cgi.php is vulnerable: remote attackers can delete arbitrary files via the comment parameter. This fragility is the core of the vulnerability, arising from improper handling of input i...
CVE-2005-3473
The CVE-2005-3473 entry describes multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog
CVE-2005-1137
Vulnerability CVE-2005-1137 affects Simple PHP Blog (sphpBlog) 0.4.0. The issue arises when an attacker directly requests sb_functions.php and triggers a PHP error message that leaks the full filesystem pathname, exposing sensitive information. This is a server-side information disclosure vulnera...
CVE-2007-5071
CVE-2007-5071 is an incomplete blacklist vulnerability in Simple PHP Blog. The flaw lies in upload_img_cgi.php on versions before 0.5.1, allowing remote attackers to upload dangerous files (e.g., PHP files or .htaccess) and execute arbitrary code, demonstrated by such filenames. This describes a ...
CVE-2006-1243
CVE-2006-1243 affects Simple PHP Blog (SPB) up to version 0.4.7.1, via install05.php. The vulnerability is a local file inclusion triggered by improper handling of the blog_language parameter, allowing directory traversal and a NUL character to force inclusion of arbitrary local files (demonstrat...
CVE-2005-0214
Simple PHP Blog (SPHPBlog) 0.3.7c is vulnerable to a directory traversal flaw via the entry parameter, enabling remote read/write of arbitrary server files. Root cause is improper sanitization of user input. OpenVAS corroborates a traversal/arbitrary file access issue, with Nessus pointing to com...
CVE-2009-4421
CVE-2009-4421 affects Simple PHP Blog
CVE-2005-2192
CVE-2005-2192 affects SimplePHPBlog 0.4.0 where password hashes are stored in config/password.txt with insufficient access control. This weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...
CVE-2011-5029
CVE-2011-5029 affects Simple PHP Blog, version 0.7.0 (and possibly earlier). The vulnerability is a cross-site scripting (XSS) flaw in which an attacker can inject arbitrary web script or HTML via the following parameters: (1) entry parameter to delete.php and (2) category parameter to index.php....
CVE-2007-5072
CVE-2007-5072 affects the Simple PHP Blog (SPHPBlog) prior to version 0.5.1. The root cause is cross-site scripting (XSS) vulnerabilities that occur when register_globals is enabled, allowing remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to files...