RSS   Podatności dla 'Phpstatus'   RSS

2006-02-07
 
CVE-2006-0572

CWE-Other
 

 
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.

 
 
CVE-2006-0571

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

 
 
CVE-2006-0570

CWE-Other
 

 
Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.

 

 >>> Vendor: Hinton design 6 Produkty
Phpstatus
Phphg guestbook
Phphd
Phpht topsites
Phpht topsites free
Phphd download system


Copyright 2024, cxsecurity.com

 

Back to Top