Dayfox Designs Dayfox Blog vulnerabilities
5 known vulnerabilities affecting dayfox_designs/dayfox_blog.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2007-1525P3MEDIUMCVSS 6.8PoCv42007-03-20
CVE-2007-1525 [MEDIUM] CVE-2007-1525: Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote a
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
nvd
CVE-2008-3564P3HIGHCVSS 7.5PoCv42008-08-10
CVE-2008-3564 [HIGH] CWE-22 CVE-2008-3564: Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
nvd
CVE-2006-2522P3HIGHCVSS 7.5≤ 2.02006-05-22
CVE-2006-2522 [HIGH] CVE-2006-2522: Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document ro
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
nvd
CVE-2007-0150P4HIGHCVSS 7.5v42007-01-09
CVE-2007-0150 [HIGH] CVE-2007-0150: Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attacker
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
nvd
CVE-2006-5183P4HIGHCVSS 7.5v2.02006-10-10
CVE-2006-5183 [HIGH] CVE-2006-5183: Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote at
Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit.
nvd