) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Keyword (text search): cpe:2.3:a:nibbleblog:nibbleblog:4.0.5:*:*:*:*:*:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-7719 |
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. Published: February 10, 2019; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-16604 |
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). Published: September 06, 2018; 12:29:05 PM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-6470 |
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. Published: February 01, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |