CVE-2022-29659
https://notcve.org/view.php?id=CVE-2022-29659
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. Se ha detectado que Responsive Online Blog versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo single.php • https://packetstormsecurity.com/files/158391/responsiveonlineblog10poc-sql.txt https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html.aa • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-42233
https://notcve.org/view.php?id=CVE-2021-42233
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur. El plugin Simple Blog de Wondercms versión 3.4.1, es vulnerable a una vulnerabilidad de tipo cross-site scripting (XSS) almacenado. Cuando cualquier usuario abre un blog particular alojado en el sitio de un atacante, puede producirse un ataque de tipo XSS • https://hackerone.com/reports/485748 https://hackerone.com/reports/647130 https://hackerone.com/reports/961046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-28512
https://notcve.org/view.php?id=CVE-2022-28512
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Fantastic Blog CMS versión 1.0 . Un atacante puede inyectar una consulta en "/fantasticblog/single.php" por medio de los parámetros "id=5" • https://github.com/JiuBanSec/CVE/blob/main/Fantastic%20Blog%20CMS/SQL1.md https://www.sourcecodester.com/php/12258/fantastic-blog-cms-php.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-23626 – Insufficient file checks in m1k1o/blog
https://notcve.org/view.php?id=CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. m1k1o/blog es un blog PHP ligero y auto-alojado al estilo de Facebook. • https://www.exploit-db.com/exploits/50943 http://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef https://github.com/m1k1o/blog/security/advisories/GHSA-wmqj-5v54-24x4 • CWE-20: Improper Input Validation CWE-252: Unchecked Return Value •
CVE-2020-20605
https://notcve.org/view.php?id=CVE-2020-20605
Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. Blog CMS versiónv1.0 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /controller/CommentAdminController.java • https://github.com/xuzijia/blog/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •