Blog Cms : Security Vulnerabilities, CVEs,
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
Max CVSS
7.5
EPSS Score
0.54%
Published
2008-01-25
Updated
2018-10-15
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
Max CVSS
7.5
EPSS Score
0.21%
Published
2008-01-18
Updated
2017-10-19
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
Max CVSS
4.3
EPSS Score
0.35%
Published
2008-01-18
Updated
2017-10-19
3 vulnerabilities found