Skip to main content

Nibbleblog

6 CVEs product

Monthly

CVE-2019-7719 CRITICAL POC Act Now

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Nibbleblog
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-16604 HIGH POC This Week

An issue was discovered in Nibbleblog v4.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Nibbleblog
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-6470 MEDIUM This Month

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Nibbleblog
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2015-6967 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%.

RCE PHP File Upload Nibbleblog
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
79.5%
Threat
5.2
CVE-2015-6966 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF PHP Nibbleblog
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8996 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Nibbleblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

An issue was discovered in Nibbleblog v4.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Nibbleblog
NVD GitHub
EPSS 80% 5.2 CVSS 6.5
MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF PHP +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Nibbleblog
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy