Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.

Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.

SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.