Gerrit Van Aaken: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-07-25
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.052
Published
2006-07-25
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-03-09
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
CVSS Score
6.4
EPSS Score
0.072
Published
2006-03-09
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
CVSS Score
7.5
EPSS Score
0.181
Published
2006-02-06