Mywebland : Security Vulnerabilities, CVEs, Published In 2008
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-11-10
Updated
2017-09-29
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-10-22
Updated
2017-09-29
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
Max CVSS
7.5
EPSS Score
0.68%
Published
2008-10-22
Updated
2017-09-29
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
Max CVSS
7.5
EPSS Score
0.19%
Published
2008-10-22
Updated
2017-09-29
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2008-10-21
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
Max CVSS
5.1
EPSS Score
0.10%
Published
2008-07-09
Updated
2017-09-29
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Max CVSS
5.0
EPSS Score
0.25%
Published
2008-07-09
Updated
2008-09-05
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
Max CVSS
5.1
EPSS Score
0.15%
Published
2008-07-09
Updated
2017-10-11
8 vulnerabilities found