Summary
WikyBlog is prone to multiple vulnerabilities, including an arbitrary-file-upload issue, a cross-site scripting issue, a remote file-include issue and a session-fixation issue.
Attackers can exploit these issues to:
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
- steal cookie-based authentication credentials.
- upload arbitrary PHP scripts and execute them in the context of the webserver.
- compromise the application and the underlying system.
- hijack a user's session and gain unauthorized access to the affected application.
WikyBlog 1.7.3rc2 is vulnerable; other versions may also be affected.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2010-0754
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability