National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:nibbleblog:nibbleblog:4.0.5
There are 3 matching records.
Vuln ID Summary CVSS Severity

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.

Published: February 10, 2019; 11:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH

An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").

Published: September 06, 2018; 12:29:05 PM -04:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.

Published: February 01, 2018; 08:29:00 AM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM