Nibbleblog 4.0.5 Security Vulnerabilities
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-02-11
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2018-09-06
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2018-02-01

Shodan ® - All rights reserved