Mywebland

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6650 1Mywebland 1Minibloggie Apr 23, 2026 Apr 7, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
CVE-2008-5004 1Mywebland 1Bloggie Lite Apr 23, 2026 Nov 10, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
CVE-2008-4650 1Mywebland 1Myevent Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
CVE-2008-4644 1Mywebland 1Mystats Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
CVE-2008-4643 1Mywebland 1Mystats Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-4628 1Mywebland 1Minibloggie Apr 23, 2026 Oct 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-3080 1Mywebland 1Mybloggie Apr 23, 2026 Jul 9, 2008 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also ex...Show more Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.Show less
CVE-2007-3650 1Mywebland 1Mybloggie Apr 23, 2026 Jul 9, 2008 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array para...Show more myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.Show less
CVE-2007-1899 1Mywebland 1Mybloggie Apr 23, 2026 Jul 9, 2008 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated...Show more Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.Show less
CVE-2007-3353 1Mywebland 1Myevent Apr 23, 2026 Jun 22, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this i...Show more PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.Show less
CVE-2007-3194 1Mywebland 1Mybloggie Apr 23, 2026 Jun 12, 2007 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4)...Show more Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not existShow less
CVE-2007-3003 1Mywebland 1Mybloggie Apr 23, 2026 Jun 4, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors...Show more Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.Show less
CVE-2007-0353 1Mywebland 1Mybloggie Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
CVE-2006-4163 1Mywebland 1Minibloggie Apr 16, 2026 Aug 16, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher...Show more PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusiveShow less
CVE-2006-4083 1Mywebland 1Myevent Apr 16, 2026 Aug 11, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOT...Show more PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-4043 1Mywebland 1Mybloggie Apr 16, 2026 Aug 9, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
CVE-2006-4042 1Mywebland 1Mybloggie Apr 16, 2026 Aug 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name paramete...Show more Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.Show less
CVE-2006-4040 1Mywebland 1Myevent Apr 16, 2026 Aug 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
CVE-2006-3905 1Mywebland 1Mybloggie Apr 16, 2026 Jul 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
CVE-2006-3903 1Mywebland 1Mybloggie Apr 16, 2026 Jul 27, 2006 N/A· v4 N/A· v3 5.8 MEDIUM· v2 CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.

12 Next