Alexander Palmo Simple Php Blog — known CVE vulnerabilities
Every CVE whose affected-product data names Alexander Palmo Simple Php Blog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2006-1243 — CVSS 7.5 (high): Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and…
CVE-2005-2733 — CVSS 7.5 (high): upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote…
CVE-2007-5071 — CVSS 7.5 (high): Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files…
CVE-2009-4421 — CVSS 6.5 (medium): Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include…
CVE-2005-0214 — CVSS 5.0 (medium): Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a…
CVE-2005-1137 — CVSS 5.0 (medium): Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which…
CVE-2005-2787 — CVSS 5.0 (medium): comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.
CVE-2005-2192 — CVSS 5.0 (medium): SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain…
CVE-2011-5029 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject…
CVE-2005-1135 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web…
CVE-2005-3473 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web…
CVE-2007-5072 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow…