3 results (0.005 seconds)

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. admin/index.php en Maian Weblog 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtención de acceso administrativo, enviando una cookie arbitraria weblog_cookie. • https://www.exploit-db.com/exploits/6064 http://secunia.com/advisories/30943 http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30209 https://exchange.xforce.ibmcloud.com/vulnerabilities/43751 • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 1

PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use ** IMPUGNADA ** Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Maian Weblog 3.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. NOTA: este asunto ha sido impugnado por un investigador de una tercera parte, ya que el la variable path_to_folder es inicializada antes de ser usada. • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html http://attrition.org/pipermail/vim/2007-April/001527.html http://osvdb.org/35360 http://securityreason.com/securityalert/2582 http://www.securityfocus.com/archive/1/465735/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33708 •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. • https://www.exploit-db.com/exploits/27478 https://www.exploit-db.com/exploits/27477 http://evuln.com/vulns/101/summary.html http://secunia.com/advisories/19273 http://securityreason.com/securityalert/638 http://securitytracker.com/id?1015818 http://www.osvdb.org/23945 http://www.osvdb.org/23946 http://www.securityfocus.com/archive/1/428903/100/0/threaded http://www.securityfocus.com/bid/17159 http://www.securityfocus.com/bid/17247 http://www.vupen.com/english •