Abweb : Security Vulnerabilities, CVEs, CVSS score >= 5
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
Max CVSS
7.5
EPSS Score
0.52%
Published
2009-04-06
Updated
2017-09-29
Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
Max CVSS
6.8
EPSS Score
4.38%
Published
2009-04-06
Updated
2017-09-29
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.42%
Published
2009-04-06
Updated
2017-09-29
3 vulnerabilities found