WikyBlog Multiple Remote Input Validation Vulnerabilities Network Vulnerability

Summary

WikyBlog is prone to multiple vulnerabilities, including an arbitrary-file- upload issue, a cross-site scripting issue, a remote file-include issue and a session-fixation issue. Attackers can exploit these issues to: - execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. - steal cookie-based authentication credentials. - upload arbitrary PHP scripts and execute them in the context of the webserver. - compromise the application and the underlying system. - hijack a user's session and gain unauthorized access to the affected application. WikyBlog 1.7.3rc2 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/38386

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0754
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Multiple Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
3Com NBX VoIP NetSet Detection
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities