Wuzly

wuzly

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3839 1Wuzly 1Wuzly Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.
CVE-2011-3838 1Wuzly 1Wuzly Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and...Show more Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php.Show less
CVE-2011-3837 1Wuzly 1Wuzly Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php.
CVE-2011-3836 1Wuzly 1Wuzly Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors.Show less
CVE-2011-3835 1Wuzly 1Wuzly Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to s...Show more Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter to media.php in admin/; the sidebar parameter to (12) add_widget.php and (13) widgets.php, id parameter to (14) category_delete.php, (15) comment.php, (16) page_delete.php, and (17) post_delete.php, (18) type parameter to media.php, and (19) id and (20) sidebar parameter to widget_delete.php in mobile/; and the (21) name, (22) email, (23) website, and (24) comment parameters to index.php; and the (25) username parameter to admin/login.php.Show less