
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
• https://www.exploit-db.com/exploits/5635
• http://www.securityfocus.com/bid/29257
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42475
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
• https://www.exploit-db.com/exploits/3859
• http://osvdb.org/41731

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
• http://securityreason.com/securityalert/1360
• http://securitytracker.com/id?1016670
• http://www.securityfocus.com/archive/1/442580/100/0/threaded
• http://www.securityfocus.com/bid/19432
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28287

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.
• http://securitytracker.com/id?1015689
• http://www.osvdb.org/23621
• http://www.securityfocus.com/archive/1/426184/100/0/threaded
• http://www.securityfocus.com/bid/16848
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25142
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 | EPSS: 4% | CPEs: 1 | EXPL: 2

Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
• https://www.exploit-db.com/exploits/27324
• http://securitytracker.com/id?1015689
• http://www.osvdb.org/23620
• http://www.securityfocus.com/archive/1/426184/100/0/threaded
• http://www.securityfocus.com/bid/16848
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24984
• https://www.exploit-db.com/exploits/3859