2 matches found
CVE-2007-4157
PHPBlogger stores sensitive information under the web root with insufficient access control, allowing remote retrieval of data/pref.db. The retrieved database contains the admin password hash, which can be used to craft authentication cookies and gain administrative access without the cleartext p...
CVE-2006-3514
PHP-Blogger 2.2.5 (and possibly earlier) has multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the parameters: name, title, news, description, and sitename. The CVE notes only the presence of XSS w...