2 results (0.012 seconds)

CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 1

PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. Vulnerabilidad de inclusión remota de archivo en PHP en admin/plugins/NP_UserSharing.php de BLOG:CMS 4.1.3 y versiones anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro DIR_ADMIN. • https://www.exploit-db.com/exploits/2923 http://marc.info/?l=bugtraq&m=116595444801459&w=2 http://secunia.com/advisories/23345 http://securitytracker.com/id?1017375 http://www.vupen.com/english/advisories/2006/4984 https://exchange.xforce.ibmcloud.com/vulnerabilities/30854 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en list.php de BLOG:CMS 4.1.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro FADDR. • https://www.exploit-db.com/exploits/29095 http://marc.info/?l=bugtraq&m=116387287216907&w=2 http://secunia.com/advisories/23025 http://securitytracker.com/id?1017250 http://www.securityfocus.com/bid/21173 http://www.vupen.com/english/advisories/2006/4598 https://exchange.xforce.ibmcloud.com/vulnerabilities/30385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •