Blog Project: >> Blog >> 1.18 Security Vulnerabilities
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-12
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-09-12