CVE-2019-7719
CRITICALnibbleblog 4.0.5 - Remote Code Execution via install.php Username Parameter
Title source: llmDescription
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/dignajar/nibbleblog/issues/138
Scores
CVSS v3
9.8
EPSS
0.0172
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
nibbleblog/nibbleblog
4.0.5
Published
Feb 11, 2019
Tracked Since
Feb 18, 2026