Blog Cms Blog Cms version 4.2.1_c : Security vulnerabilities, CVEs

cpe:2.3:a:blog_cms:blog_cms:4.2.1_c:*:*:*:*:*:*:*

Copy

CVE-2008-0450

Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.

Max CVSS

7.5

EPSS Score

0.54%

Published

2008-01-25

Updated

2018-10-15

CVE-2008-0360

Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.

Max CVSS

7.5

EPSS Score

0.21%

Published

2008-01-18

Updated

2017-10-19

CVE-2008-0359

Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.

Max CVSS

4.3

EPSS Score

0.35%

Published

2008-01-18

Updated

2017-10-19

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!