Mike Helton » Aoblogger : Security Vulnerabilities, CVEs, CVSS score >= 1
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
Max CVSS
5.0
EPSS Score
2.84%
Published
2006-01-19
Updated
2017-07-20
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Max CVSS
7.5
EPSS Score
1.92%
Published
2006-01-19
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.
Max CVSS
4.3
EPSS Score
1.35%
Published
2006-01-19
Updated
2017-07-20
3 vulnerabilities found