Php-blogger Security Vulnerabilities and Issues — Php-blogger CVE List

Lucene search

PhpbloggerPhp-blogger

2 matches found

CVE•added 2007/08/03 9:17 p.m.•42 views

CVE-2007-4157

PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing t...

5CVSS6.7AI score0.00607EPSS

CVE•added 2006/07/11 11:5 p.m.•32 views

CVE-2006-3514

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

4.3CVSS6.4AI score0.00527EPSS

Web