Skip to main content

Blog

8 CVEs product

Monthly

CVE-2024-7114 MEDIUM POC This Month

A vulnerability was found in Tianchoy Blog up to 1.8.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2023-43381 HIGH POC This Week

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blog
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36748 HIGH POC THREAT This Week

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Blog
NVD
CVSS 3.1
7.5
EPSS
15.4%
CVE-2017-17950 HIGH POC This Week

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-17949 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17948 MEDIUM POC This Month

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blog
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14346 CRITICAL POC Act Now

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Blog
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-14345 CRITICAL POC Act Now

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Tianchoy Blog up to 1.8.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blog
NVD GitHub
EPSS 15% CVSS 7.5
HIGH POC THREAT This Week

A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Blog
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blog
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blog
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy