Blog Project Security Vulnerabilities

CVE-2023-1937

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack....

CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.001

2023-04-07 09:15 AM

CVE-2023-2435

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.....

CVSS: 7.2 | AI Score: 7.6 | EPSS: 0.002

2023-05-31 03:15 AM

CVE-2023-2436

The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS: 5.5 | AI Score: 4.8 | EPSS: 0.001

2023-05-31 03:15 AM

CVE-2022-4400

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2022-12-11 08:15 AM

CVE-2022-4397

A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack...

CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001

2022-12-10 07:15 PM

CVE-2022-40036

An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList...

CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.001

2023-01-26 09:16 PM

CVE-2022-23626

m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from functions imagecreatefrom* and image* have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file (that could contain a malicious payload) was kept on the disk......

CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.041

2022-02-08 10:15 PM

CVE-2023-29639

Cross-site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing...

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2023-05-01 04:15 PM

CVE-2023-29636

Cross-site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default configuration not using...

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2023-05-01 04:15 PM

CVE-2023-27093

Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post...

CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001

2023-03-13 03:15 PM

CVE-2022-40037

An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2023-01-26 09:16 PM

CVE-2022-40035

File upload vulnerability found in Rawchen Blog-ssm v1.0 allows attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.001

2023-01-26 09:16 PM

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo'...

CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001

2023-01-23 10:15 PM

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003

2022-10-03 04:23 PM

CVE-2017-14345

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002

2022-10-03 04:23 PM

CVE-2017-15539

SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002

2022-10-03 04:23 PM

CVE-2019-3494

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete...

CVSS: 7.5 | AI Score: 8.1 | EPSS: 0.001

2022-10-03 04:19 PM

CVE-2022-2425

The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite...

CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.001

2022-08-08 02:15 PM

CVE-2022-27174

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted...

CVSS: 4.3 | AI Score: 4.9 | EPSS: 0.001

2022-06-13 05:15 AM

CVE-2022-29659

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.008

2022-06-02 02:15 PM

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a particular blog hosted on an attacker's site, XSS may...

CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001

2022-05-23 07:16 PM

CVE-2022-28512

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in "/fantasticblog/single.php" via the "id=5"...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2022-05-04 03:15 PM

CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java...

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2021-12-22 11:15 PM

CVE-2021-24636

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious...

CVSS: 8.1 | AI Score: 8 | EPSS: 0.001

2021-09-20 10:15 AM

CVE-2020-18998

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component...

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001

2021-08-27 07:15 PM

CVE-2020-18999

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component...

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001

2021-08-27 07:15 PM

CVE-2021-26224

Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2021-07-22 07:15 PM

CVE-2021-26231

SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to...

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.002

2021-07-22 05:15 PM

CVE-2020-21179

SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.002

2021-02-01 06:15 PM

CVE-2020-21180

SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.002

2021-02-01 06:15 PM

CVE-2019-11565

Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.005

2019-04-27 02:29 PM

CVE-2019-9765

In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to...

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2019-03-14 09:29 AM

CVE-2018-17391

SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author...

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.003

2018-09-28 12:29 AM

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a...

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2018-09-10 04:29 AM