5 matches found
CVE-2008-6597
PHCDownload 1.1 is affected by a cross-site scripting (XSS) vulnerability in upload/install/index.php, exploitable via the step parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Affected component is PHCDownload 1.1; root cause is improper handling of the step p...
CVE-2008-6596
CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...
CVE-2008-6596
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PHCDownload 1.1 - '/admin/index.php?hash' SQL Injection
source: https://www.securityfocus.com/bid/28922/info PHCDownload is prone to an SQL-injection and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspectin...
PHCDownload 1.1 - search.php?string Cross-Site Scripting
PHCDownload 1.1 - search.php?string Cross-Site Scripting source: https://www.securityfocus.com/bid/27066/info PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...