CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-4341 – MyBlog 0.9.8 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-4341
30 Sep 2008 — add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. add.php en MyBlog v0.9.8 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso con privilegios de administrador asignando el valor admin=yes y login=admin en la cookie de sesión. • https://www.exploit-db.com/exploits/6531 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2007-2081 – MyBlog 0.9.8 - 'Settings.php' Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-2081
18 Apr 2007 — MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. MyBlog 0.9.8 y anteriores permite a atacantes remotos evitar los requerimientos de autenticación mediante el parámetro de administración cookie a ciertos ficheros de administración, como ha sido demostrado por admin/settings.php. • https://www.exploit-db.com/exploits/29864 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2082
https://notcve.org/view.php?id=CVE-2007-2082
18 Apr 2007 — Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. Vulnerabilidad de inyección directa de código estático en admin/settings.php de MyBlog 0.9.8 y anteriores permite a administradores remotos autenticados inyect... • http://osvdb.org/35392 •