National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:nibbleblog:nibbleblog:4.0.5
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.

Published: February 10, 2019; 11:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-16604

An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").

Published: September 06, 2018; 12:29:05 PM -04:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2018-6470

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.

Published: February 01, 2018; 08:29:00 AM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM