Lucene search

K

Kwsphp Security Vulnerabilities

cve
cve

CVE-2008-6201

Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party...

8.5AI Score

0.012EPSS

2009-02-20 01:30 AM
22
cve
cve

CVE-2008-1757

Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW...

6.3AI Score

0.002EPSS

2008-04-12 08:05 PM
19
cve
cve

CVE-2008-1758

SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to...

9.4AI Score

0.001EPSS

2008-04-12 08:05 PM
20
cve
cve

CVE-2008-1759

SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than...

8.7AI Score

0.001EPSS

2008-04-12 08:05 PM
24
cve
cve

CVE-2007-5485

SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album...

9.4AI Score

0.002EPSS

2007-10-16 11:17 PM
22
cve
cve

CVE-2007-5458

SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter...

9.4AI Score

0.001EPSS

2007-10-14 07:17 PM
20
cve
cve

CVE-2007-4979

SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than...

8.7AI Score

0.002EPSS

2007-09-19 06:17 PM
18
cve
cve

CVE-2007-4956

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php....

8.8AI Score

0.002EPSS

2007-09-18 08:17 PM
20
cve
cve

CVE-2007-4922

SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party...

8.2AI Score

0.001EPSS

2007-09-17 05:17 PM
26