PPhlogger <= 2.2.5 - (trace.php) Remote Command Execution Vulnerability

No description provided by source...

PPhlogger 2.2.5 Command Execution

|| || | || o,7 || . o7 || 4||| ow, : / / . +----------------------------------------------------------------------- -+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | |...

PPhlogger 2.2.5 - trace.php Remote Command Execution

PPhlogger 2.2.5 - trace.php Remote Command Execution || || | || o,7 || . o7 || 4||| ow, : / / . +----------------------------------------------------------------------- -+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | |...

PPhlogger 2.2.5 - &#039;trace.php&#039; Remote Command Execution

|| || | || o,7 || . o7 || 4||| ow, : / / . +----------------------------------------------------------------------- -+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | |...

CVE-2007-3399

SQL injection vulnerability in include/getuserdata.php in Power Phlogger PPhlogger 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php...

CVE-2007-3399

Power Phlogger (PPhlogger) 2.2.5 and earlier contains an SQL injection in include/get_userdata.php that can be exploited via the username parameter to login.php, enabling remote execution of arbitrary SQL commands. This mode documents the affected component and the underlying flaw; no remediation...

Multiple Web Security Holes

I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...