Mzbservices Max.Blog vulnerabilities
2 known vulnerabilities affecting mzbservices/max.blog.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2009-0383 | P3 | MEDIUM | CVSS 6.4 | PoC | v1.0.6 | 2009-02-02 | CWE-264
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
nvd
CVE-2009-0409 | P3 | MEDIUM | CVSS 6.8 | PoC | v1.0.6 | 2009-02-03 | CWE-89
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
nvd