91 matches found
MyPHP Forum 'faq.php' and 'member.php' Multiple SQL Injection Vulnerabilities
MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t...
myphp-sql.txt
Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
MyPHP Forum <= 3.0 (Final) Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ================================================================= MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC:...
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
MyPHP Forum 3.0 Final - Multiple SQL Injections Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $memb...
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
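MyPHP CMS global_header.php Remote File Inclusion Vulnerability
BUGTRAQ ID: 18834 MyPHP CMS is an open-source content management system based on PHP. MyPHP CMS has an input validation vulnerability in its implementation; a remote attacker may exploit this vulnerability to execute arbitrary commands on the server. The global_header.php file in MyPHP CMS does not properly check and filter the $domain variable; if register_globals=on, a remote attacker can use a simple PHP code injection script to execute arbitrary commands. MyPHP CMS = 0.3 MyPHP CMS --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...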
CVE-2006-3478
PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter...
CVE-2006-3478
CVE-2006-3478 is a PHP remote file inclusion vulnerability affecting MyPHP CMS 0.3 and earlier. The flaw resides in styles/default/global_header.php and is exploitable when register_globals is enabled, allowing remote attackers to execute arbitrary PHP code via a URL in the domain parameter. The ...
MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerability
Exploit for unknown platform in category web applications =========================================================== MyPHP CMS = 0.3 domain Remote File Include Vulnerability ===========================================================...
MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- MyPHP CMS = 0.3 domain Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...
MyPHP CMS 0.3 - domain Remote File Inclusion
MyPHP CMS 0.3 - domain Remote File Inclusion --------------------------------------------------------------------------- MyPHP CMS = 0.3 domain Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Te...
MyPHP CMS 0.3 - 'domain' Remote File Inclusion
--------------------------------------------------------------------------- MyPHP CMS = 0.3 domain Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RoSecurityGroup.net : Remote : Ye...
CVE-2006-3062
Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2006-3062
The CVE-2006-3062 entry concerns a cross-site scripting (XSS) flaw in myPHP Guestbook 2.0.4 and older, exploitable via the lang parameter in index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML. Public references confirm the affected application/version comb...
CVE-2006-3063
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9)...
CVE-2006-3063
The CVE-2006-3063 entry describes multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and prior to 2.0.1 RC5. The flaw allows remote attackers to inject arbitrary script or HTML via user-supplied content in specific parameters across multiple pages: (a) ind...
CVE-2005-1404
MyPHP Forum 1.0 is affected by CVE-2005-1404. The vulnerability allows remote attackers to spoof the username by tampering with parameters in requests: nbuser to post.php or sender to privmsg.php. The available sources describe the affected component and the input parameters involved, but do not ...
CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php...