Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog cms vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS prior to 2.4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id ...
Exponentcms Exponent Cms
1 EDB exploit
265
VMScore
CVE-2010-4734
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these detai...
Amix Skeletonz Cms 1.0
1 EDB exploit
685
VMScore
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/...
Pluck-cms Pluck 4.6.2
1 EDB exploit
312
VMScore
CVE-2017-20060
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading ...
Elefantcms Elefant Cms 1.3.12
685
VMScore
CVE-2007-1968
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 up to and including 1.6, allows remote malicious users to execute arbitrary PHP code via a URL in the scoreid parameter.
Sam Crew Myblog 1.6
Sam Crew Myblog 1.4
Sam Crew Myblog 1.5
Sam Crew Myblog 1.0
Sam Crew Myblog 1.1
Sam Crew Myblog 1.2
Sam Crew Myblog 1.3
1 EDB exploit
755
VMScore
CVE-2017-15981
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Geniusocean Newspaper 1.0
1 EDB exploit
755
VMScore
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Geniusocean News 1.0
1 EDB exploit
505
VMScore
CVE-2008-6193
Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent malicious users to obtain sensitive information.
Myblog Myblog
1 EDB exploit
435
VMScore
CVE-2008-2962
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
Myblog Myblog
1 EDB exploit
685
VMScore
CVE-2008-2963
Multiple SQL injection vulnerabilities in MyBlog allow remote malicious users to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
Myblog Myblog
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »