Product
nibbleblog
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2020-23356 (all versions): dmin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === fo
CVE-2019-7719 (all versions): Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private
CVE-2018-16604 (all versions): An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by
CVE-2018-6470 (all versions): Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.
CVE-2015-6967 (<= 4.0.4): Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute a
CVE-2015-6966 (<= 4.0.4): Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authent
CVE-2014-8996 (<= 4.0.1): Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web scri