Dayfox Designs » Dayfox Blog : Security Vulnerabilities, CVEs, Published In 2007
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
Max CVSS
6.8
EPSS Score
14.54%
Published
2007-03-20
Updated
2017-10-11
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
Max CVSS
7.5
EPSS Score
2.37%
Published
2007-01-09
Updated
2018-10-16
2 vulnerabilities found