Skip to main content

Plogger

3 CVEs product

Monthly

CVE-2014-2224 MEDIUM This Month

Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Plogger
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2223 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection File Upload Plogger
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.4%
CVE-2012-5289 HIGH POC This Week

Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Plogger
NVD
CVSS 2.0
7.5
EPSS
0.4%
EPSS 0% CVSS 5.0
MEDIUM This Month

Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Plogger
NVD
EPSS 10% CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection +2
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Plogger
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy