Check CVE Id
Check CWE Id
Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.
See advisories in our WLB2 database:
ProjectPier <= 0.80 Cross Site Scripting and Request Forgery
(Cross-Site Request Forgery (CSRF))
CVSS Base Score
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the...
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter t...
Back to Top