Lucene search
K

5 matches found

CVE
CVE
added 2009/04/03 6:0 p.m.48 views

CVE-2008-6597

PHCDownload 1.1 is affected by a cross-site scripting (XSS) vulnerability in upload/install/index.php, exploitable via the step parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Affected component is PHCDownload 1.1; root cause is improper handling of the step p...

4.3CVSS5.7AI score0.01178EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2009/04/03 6:0 p.m.46 views

CVE-2008-6596

CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...

7.5CVSS8.3AI score0.00961EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2009/04/03 6:0 p.m.24 views

CVE-2008-6596

SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

8.1AI score0.00961EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2008/04/24 12:0 a.m.26 views

PHCDownload 1.1 - '/admin/index.php?hash' SQL Injection

source: https://www.securityfocus.com/bid/28922/info PHCDownload is prone to an SQL-injection and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspectin...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/29 12:0 a.m.11 views

PHCDownload 1.1 - search.php?string Cross-Site Scripting

PHCDownload 1.1 - search.php?string Cross-Site Scripting source: https://www.securityfocus.com/bid/27066/info PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

6.8AI score
Exploits0
Rows per page
Query Builder