Vulnerabilities for 'Phpslash'

2009-02-10
 
CVE-2009-0517

CWE-94
 

 
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

 
2005-12-22
 
CVE-2005-4479

 

 
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.

 
2005-07-13
 
CVE-2005-2257

 

 
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.

 
2002-05-19
 
CVE-2001-1334

 

 
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

 


Copyright 2024, cxsecurity.com

 
