Blursoft: Security Vulnerabilities, CVEs, CVSS score >= 5
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
Max CVSS: 7.5
EPSS Score: 0.89%
Published: 2006-06-19
Updated: 2018-10-18
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allow remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php).
Max CVSS: 5.0
EPSS Score: 0.33%
Published: 2006-04-13
Updated: 2018-10-18
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values.
Max CVSS: 7.5
EPSS Score: 0.58%
Published: 2006-04-13
Updated: 2018-10-18
3 vulnerabilities found