cbcvebase.

Katywhitton Blogit ! vulnerabilities

4 known vulnerabilities affecting katywhitton/blogit_!.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2009-0334P3HIGHCVSS 7.5PoCv_nil_2009-01-29
CVE-2009-0334 [HIGH] CWE-89 CVE-2009-0334: SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
nvd
CVE-2009-0337P3HIGHCVSS 7.5PoCv_nil_2009-01-29
CVE-2009-0337 [HIGH] CWE-89 CVE-2009-0337: SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2009-0336P4MEDIUMCVSS 5.0PoCv_nil_2009-01-29
CVE-2009-0336 [MEDIUM] CWE-264 CVE-2009-0336: Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access contro Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
nvd
CVE-2009-0335P4MEDIUMCVSS 4.3PoCv_nil_2009-01-29
CVE-2009-0335 [MEDIUM] CWE-79 CVE-2009-0335: Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attacker Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
nvd
Katywhitton Blogit ! vulnerabilities | cvebase