RSS   Vulnerabilities for 'Shoutpro'   RSS

2007-04-19
 
CVE-2007-2141

CWE-Other
 

 
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.

 
2007-02-23
 
CVE-2006-7047

CWE-264
 

 
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.

 


Copyright 2024, cxsecurity.com

 

Back to Top