CVE-2007-3001

Multiple cross-site scripting XSS vulnerabilities in PHP JackKnife PHPJK allow remote attackers to inject arbitrary web script or HTML via 1 the sUName parameter to UserArea/Authenticate.php, 2 the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the 3 iCategoryUnq, 4 iDBLoc, 5...

CVE-2007-3002

CVE-2007-3002 affects PHP JackKnife (PHPJK). The vulnerability arises when processing invalid values in index.php (iParentUnq[]) or G_Display.php (iCategoryUnq[] or sSort[]), where error messages disclose the path information. The available sources describe the issue but do not specify affected v...

CVE-2007-3000

CVE-2007-3000 concerns multiple SQL injection vulnerabilities in the PHP JackKnife (PHPJK) package. The issues allow remote attackers to execute arbitrary SQL commands by supplying crafted input to two parameters: (1) iCategoryUnq in G_Display.php and (2) iSearchID in Search/DisplayResults.php. A...

CVE-2007-3001

The CVE-2007-3001 entry concerns PHP JackKnife (PHPJK) up to version 2.21 and earlier, with multiple XSS flaws. The described vulnerable components are Server-side scripts in PHP JackKnife: UserArea/Authenticate.php (sUName), UserArea/NewAccounts/index.php (sAccountUnq), and G_Display.php (iCateg...