cbcvebase.

Gerrit Van Aaken Loudblog vulnerabilities

5 known vulnerabilities affecting gerrit_van_aaken/loudblog.

Total CVEs
5
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2006-0565P3HIGHCVSS 7.5PoC≤ 0.4v0.1+2 more2006-02-06
CVE-2006-0565 [HIGH] CWE-94 CVE-2006-0565: PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
nvd
CVE-2006-3832P3HIGHCVSS 7.5PoCv0.1v0.2+7 more2006-07-25
CVE-2006-3832 [HIGH] CVE-2006-3832: SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-1114P4MEDIUMCVSS 6.4PoCv0.412006-03-09
CVE-2006-1114 [MEDIUM] CVE-2006-1114: Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
nvd
CVE-2006-1113P4MEDIUMCVSS 5.0PoCv0.412006-03-09
CVE-2006-1113 [MEDIUM] CVE-2006-1113: SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execut SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-3820P4MEDIUMCVSS 4.3v0.1v0.2+3 more2006-07-25
CVE-2006-3820 [MEDIUM] CVE-2006-3820: Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
nvd
Gerrit Van Aaken Loudblog vulnerabilities | cvebase