Max.blog@1.0.6 Security Vulnerabilities and Issues — Max.blog@1.0.6 CVE List

Lucene search

MzbservicesMax.blog1.0.6

2 matches found

CVE•added 2009/02/03 7:30 p.m.•33 views

CVE-2009-0409

SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8CVSS8.7AI score0.00345EPSS

CVE•added 2009/02/02 7:30 p.m.•32 views

CVE-2009-0383

delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.

6.4CVSS6.9AI score0.06806EPSS