This page aggregates publicly disclosed CVE and security risk information related to logaholic, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-6560 | Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php. | [email protected] | 4.3 | 1.96% | 2007-12-27 | 2026-06-16 |
| CVE-2007-6559 | Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | [email protected] | 7.5 | 1.20% | 2007-12-27 | 2026-06-16 |