Blog Security Vulnerabilities

CVE-2008-4802

Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

AI Score: 5.7

EPSS: 0.002

2008-10-31 06:09 PM

CVE-2011-5140

Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) c...

AI Score: 8.8

EPSS: 0.002

2012-08-31 09:55 PM

CVE-2017-14345

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2022-10-03 04:23 PM

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.

CVSS: 9.8

AI Score: 9.6

EPSS: 0.003

2022-10-03 04:23 PM

CVE-2017-17948

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2022-10-03 04:23 PM

CVE-2017-17949

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-10-03 04:23 PM

CVE-2017-17950

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.

CVSS: 8.8

AI Score: 9.1

EPSS: 0.001

2022-10-03 04:23 PM

CVE-2021-36748

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.

CVSS: 7.5

AI Score: 7.9

EPSS: 0.004

2021-08-20 06:15 PM

CVE-2022-23626

m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from functions imagecreatefrom* and image* have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file (that could contain a malicious payload) was kept on the disk. U...

CVSS: 8.8

AI Score: 8.7

EPSS: 0.041

2022-02-08 10:15 PM

CVE-2023-43381

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in login.php.

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2023-09-27 03:19 PM