Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown
CVE-2008-6745
Disclosure Date: April 23, 2009 (last updated October 04, 2023)
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
0
Attacker Value
Unknown
CVE-2008-6631
Disclosure Date: April 07, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
0
Attacker Value
Unknown
CVE-2008-2524
Disclosure Date: June 03, 2008 (last updated October 04, 2023)
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
0
Attacker Value
Unknown
CVE-2008-0678
Disclosure Date: February 12, 2008 (last updated October 04, 2023)
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
0
Attacker Value
Unknown
CVE-2008-0679
Disclosure Date: February 12, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
0
