Simple Php Blog@0.4.0 Security Vulnerabilities and Issues — Simple Php Blog@0.4.0 CVE List

Lucene search

Alexander PalmoSimple Php Blog0.4.0

5 matches found

CVE•added 2005/08/30 11:45 a.m.•50 views

CVE-2005-2733

upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.

7.5CVSS7.4AI score0.80569EPSS

CVE•added 2005/05/02 4:0 a.m.•42 views

CVE-2005-1135

Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3CVSS5.8AI score0.00416EPSS

CVE•added 2005/09/02 11:3 p.m.•39 views

CVE-2005-2787

comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.

5CVSS6.9AI score0.04052EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1137

Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.

5CVSS6.6AI score0.00409EPSS

CVE•added 2005/07/11 4:0 a.m.•34 views

CVE-2005-2192

SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.

5CVSS7.1AI score0.03544EPSS