Epic Designs Eggblog vulnerabilities
7 known vulnerabilities affecting epic_designs/eggblog.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2006-0349P3HIGHCVSS 7.5PoCv2.02006-01-21
CVE-2006-0349 [HIGH] CVE-2006-0349: SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands
SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php.
nvd
CVE-2006-2725P4MEDIUMCVSS 6.4PoC≤ 3.0.62006-06-01
CVE-2006-2725 [MEDIUM] CVE-2006-2725: SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execu
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-0350P4MEDIUMCVSS 4.3PoCv2.02006-01-21
CVE-2006-0350 [MEDIUM] CVE-2006-0350: Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary w
Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php.
nvd
CVE-2006-2727P4HIGHCVSS 7.5≤ 3.0.6v2.0+1 more2006-06-01
CVE-2006-2727 [HIGH] CVE-2006-2727: home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administra
home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
nvd
CVE-2005-4546P4HIGHCVSS 7.8≤ 2.02005-12-28
CVE-2005-4546 [HIGH] CVE-2005-4546: search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.
nvd
CVE-2006-6046P4MEDIUMCVSS 6.8v3.1.02006-11-22
CVE-2006-6046 [MEDIUM] CWE-79 CVE-2006-6046: Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to injec
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.
nvd
CVE-2005-4547P4MEDIUMCVSS 4.3≤ 2.02005-12-28
CVE-2005-4547 [MEDIUM] CVE-2005-4547: Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers t
Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields.
nvd