Blogator-script : Security Vulnerabilities, CVEs,
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
Max CVSS
6.4
EPSS Score
2.00%
Published
2009-03-16
Updated
2018-10-11
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
Max CVSS
6.8
EPSS Score
4.02%
Published
2008-04-12
Updated
2017-09-29
2 vulnerabilities found