myBloggie Multiple Vulnerabilities

Summary
The remote host is running myBloggie, a web log system written in PHP. The remote version of this software has been found to contain multiple vulnerabilities:

* Full Path Disclosure
  Due to improper sanitization of the post_id parameter, it is possible to reveal the full path by sending a simple request.

* Cross-Site Scripting (XSS)
  Input passed to the 'year' parameter in viewmode.php is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

* SQL Injection
  myBloggie places the value of the 'keyword' parameter into an SQL query without sanitising it, so a remote user can perform SQL injection attacks.
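The input handling whose absence the three findings above describe, shown as an added example that is neither myBloggie's code nor the vendor patch. The function names, the `posts` table and its columns, and the sample request values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Path disclosure: keep PHP errors out of responses and send them to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// post_id (hypothetical helper): accept only a positive integer.
function parse_post_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// year (hypothetical helper): accept only exactly four digits.
function parse_year($raw): ?int {
    return (is_string($raw) && preg_match('/\A\d{4}\z/', $raw)) ? (int) $raw : null;
}

// Escape any value that is written back into an HTML page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// keyword: bound as a parameter, so it is data and never part of the SQL text.
function search_posts(PDO $db, string $keyword): array {
    // Escape LIKE wildcards so the keyword is matched literally.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);
    $stmt = $db->prepare(
        "SELECT post_id, subject FROM posts WHERE subject LIKE :kw ESCAPE '!'"
    );
    $stmt->execute([':kw' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, subject TEXT)");
$db->exec("INSERT INTO posts (subject) VALUES ('First post'), ('It''s 100% done')");

// Constructed values standing in for $_GET.
$request = ['post_id' => 'abc', 'year' => '<i>2005</i>', 'keyword' => "It's 100%"];

// Malformed post_id and year are rejected before they reach any query or include.
var_dump(parse_post_id($request['post_id']), parse_year($request['year']));
// If the raw year must be echoed back, it is escaped first.
echo h($request['year']), "\n";
// The quote and the percent sign in the keyword are matched as plain text.
var_dump(search_posts($db, $request['keyword']));
```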
Solution
Patches have been provided by the vendor and are available at: http://mywebland.com/forums/viewtopic.php?t=180