26 matches found
CVE-2020-37108
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
CVE-2020-37108 PhpIX 2012 Professional - 'id' SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
CVE-2020-37108
The CVE-2020-37108 issue affects PhpIX 2012 Professional and is caused by an SQL injection in the id parameter of product_detail.php, enabling remote manipulation of database queries. Affected component: product_detail.php (id parameter). Underlying cause: improper handling/sanitization of user i...
CVE-2020-37108
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
PT-2026-5854
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
EUVD-2000-0906
Malware in sbrugna...
PhpIX 2012 Professional - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: PhpIX 2012 Professional - 'id' SQL Injection Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking In Google Or Other Search Engine. +...
PhpIX 2012 Professional (Beta) SQL Injection
Title : PhpIX 2012 Professional Beta SQL Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
PhpIX 2012 Professional - id SQL Injection
PhpIX 2012 Professional - id SQL Injection Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking In Google Or Other Search...
phpix 1.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The...
PHPix 2.0.3 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9458/info It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized access t...
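PHPix Remote Arbitrary Command Execution Vulnerability
PHPix is a web-based photo album program developed in PHP. PHPix does not adequately handle externally supplied malicious data, and a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web process. The problem is that index.phtml in PHPix lacks sufficient filtering of user-submitted URI parameters; submitting data containing shell metacharacters can lead to arbitrary command execution on the system with the privileges of the web process. PHPix 2.0.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep watching the vendor's home page for the latest version: http://phpix.org/ Max Stepanov ([email protected]) provided the following test method:...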
PHPix directory traversal vulnerability
PHPix program allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with ..%2F..%2F.. Example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within /etc...
PHPix Directory Traversal Vulnerability
PHPix is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2005 Zorgon. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
The remote host is running phpix, a PHP-based photo gallery suite. Multiple vulnerabilities have been discovered in this product, which may allow a remote attacker to execute arbitrary commands with the privileges of the HTTP server. (C) Tenable Network Security, Inc...
PHPix 2.0.3 - Arbitrary Command Execution
PHPix 2.0.3 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/9458/info It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized...
PHPix 2.0.3 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9458/info It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized access to the affected system with the...
CVE-2000-0919
CVE-2000-0919 is a directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier that allows remote attackers to read arbitrary files by prefixing a path with ..%2F..%2F (dot-dot). OpenVAS/Nessus entries confirm the issue with an example payload such as /Album/?mode=album&album=..%2F.....
CVE-2000-0919
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack...
CVE-2000-0919
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack...