Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
Max CVSS: 5.0; EPSS Score: 0.14%; Published: 2009-02-19; Updated: 2017-09-29
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
Max CVSS: 7.5; EPSS Score: 1.86%; Published: 2008-09-30; Updated: 2017-09-29
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
Max CVSS: 6.8; EPSS Score: 0.10%; Published: 2008-07-02; Updated: 2017-09-29
Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
Max CVSS: 6.5; EPSS Score: 0.34%; Published: 2007-04-18; Updated: 2018-10-16
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
Max CVSS: 7.5; EPSS Score: 3.01%; Published: 2007-04-18; Updated: 2018-10-16
5 vulnerabilities found