Produkt Psychostats (...) - CVEMAP.ORG

Podatności dla 'Psychostats'

2013-05-31

CVE-2013-3721

CWE-89

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.

2009-03-06

CVE-2008-6422

Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.

2007-05-30

CVE-2007-2914

CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.

2007-05-21

CVE-2007-2780

CWE-200

PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

2004-12-31

CVE-2004-1417

CWE-79

Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Copyright 2024, cxsecurity.com