Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Blogphp Subscribe
Filtered by product Blogphp
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2524 1 Blogphp 1 Blogphp 2023-12-10 5.0 MEDIUM N/A
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
CVE-2008-6745 1 Blogphp 1 Blogphp 2023-12-10 7.5 HIGH N/A
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
CVE-2008-6631 1 Blogphp 1 Blogphp 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
CVE-2008-0678 1 Blogphp 1 Blogphp 2023-12-10 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
CVE-2008-0679 1 Blogphp 1 Blogphp 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.