PHProfession 2.5 - upload.php Direct Request Full Path Disclosure

PHProfession 2.5 - upload.php Direct Request Full Path Disclosure source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabiliti...

PHProfession 2.5 - 'modules.php?offset' SQL Injection

source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitiv...

PHProfession 2.5 - 'modules.php?jcode' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitiv...