Gerrit Van Aaken Loudblog vulnerabilities
5 known vulnerabilities affecting gerrit_van_aaken/loudblog.
Total CVEs
5
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-0565P3HIGHCVSS 7.5PoC≤ 0.4v0.1+2 more2006-02-06
CVE-2006-0565 [HIGH] CWE-94 CVE-2006-0565: PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
nvd
CVE-2006-3832P3HIGHCVSS 7.5PoCv0.1v0.2+7 more2006-07-25
CVE-2006-3832 [HIGH] CVE-2006-3832: SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-1114P4MEDIUMCVSS 6.4PoCv0.412006-03-09
CVE-2006-1114 [MEDIUM] CVE-2006-1114: Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
nvd
CVE-2006-1113P4MEDIUMCVSS 5.0PoCv0.412006-03-09
CVE-2006-1113 [MEDIUM] CVE-2006-1113: SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execut
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-3820P4MEDIUMCVSS 4.3v0.1v0.2+3 more2006-07-25
CVE-2006-3820 [MEDIUM] CVE-2006-3820: Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote
Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
nvd