Aggregates CVE and security vulnerability intelligence across all archangelmgt-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, vendor risk path handling, and vendor risk cross-site scripting, with potential vendor impact data exposure across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-2356 | SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | [email protected] | 7.5 | 0.97% | 2008-05-20 | 2026-06-16 |
| CVE-2007-2574 | Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. | [email protected] | 5.0 | 2.43% | 2007-05-09 | 2026-06-16 |
| CVE-2006-4091 | Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. | [email protected] | 4.3 | 1.13% | 2006-08-11 | 2026-06-16 |
| CVE-2006-0945 | PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | [email protected] | 6.5 | 1.31% | 2006-02-28 | 2026-06-16 |
| CVE-2006-0944 | Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | [email protected] | 7.5 | 3.56% | 2006-02-28 | 2026-06-16 |