Shodan
Vulnerabilities
Vulnerable Software
Mywebland:  >> Mybloggie  >> 2.1.3  Security Vulnerabilities
CVE-2006-4043
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
CVSS Score
5.0
EPSS Score
0.006
Published
2006-08-09
CVE-2006-3903
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
CVSS Score
5.8
EPSS Score
0.008
Published
2006-07-27
CVE-2006-3905
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-07-27
CVE-2006-2269
Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
CVSS Score
4.3
EPSS Score
0.004
Published
2006-05-09
CVE-2006-1205
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
CVSS Score
4.3
EPSS Score
0.014
Published
2006-03-14
CVE-2005-1500
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVSS Score
7.5
EPSS Score
0.013
Published
2005-05-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved