Leif M. Wright » Web Blog : Security Vulnerabilities, CVEs, CVSS score >= 7
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
Max CVSS
7.5
EPSS Score
1.23%
Published
2006-02-22
Updated
2017-07-20
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
Max CVSS
7.5
EPSS Score
8.40%
Published
2004-12-31
Updated
2017-07-11
2 vulnerabilities found