CVE-2018-16604

Published September 6th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}").

dignajar/nibbleblog

Easy, fast and free CMS Blog. All you need is PHP to work.

GitHub

230