cbcvebase.

Tuxplanet Bilboblog vulnerabilities

4 known vulnerabilities affecting tuxplanet/bilboblog.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2008-3303P3MEDIUMCVSS 6.8PoCv0.2.12008-07-25
CVE-2008-3303 [MEDIUM] CWE-264 CVE-2008-3303: admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to byp admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
nvd
CVE-2008-3302P4MEDIUMCVSS 6.0PoCv0.2.12008-07-25
CVE-2008-3302 [MEDIUM] CWE-89 CVE-2008-3302: SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disable SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
nvd
CVE-2008-3304P4MEDIUMCVSS 5.0PoCv0.2.12008-07-25
CVE-2008-3304 [MEDIUM] CWE-200 CVE-2008-3304: BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=fals BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
nvd
CVE-2008-3301P4LOWCVSS 3.5PoCv0.2.12008-07-25
CVE-2008-3301 [LOW] CWE-79 CVE-2008-3301: Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated ad Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, re
nvd
Tuxplanet Bilboblog vulnerabilities | cvebase