Produkt Phpenpals (...) - CVEMAP.ORG

Podatności dla 'Phpenpals'

2009-05-29

CVE-2009-1814

CWE-89

SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.

2006-01-03

CVE-2006-0074

CWE-89

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.

Copyright 2024, cxsecurity.com