PwsPHP <= 1.2.3 (index.php) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== PwsPHP .?\\/ if...

PwsPHP &lt;= 1.2.3 (index.php) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl PwsPHP = 1.2.4 index.php Remote SQL Injection Exploit http://example.com/index.php?mod=sondages&do=results&id=1%20union%20select%20id,0,0,pseudo,pass,pseudo,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20%60users%60%20/ Discovered by: papipsycho...

CVE-2006-0668

SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espacemembre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

PWSPHP XSS

The remote host runs PWSPHP Portail Web System a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced...

pwpphp122.txt

PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / \ / // / /// // / // / / / / // / / .///// / .//...

CVE-2005-1508

PWSPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...

CVE-2005-1510

The CVE-2005-1510 entry affects PwsPHP 1.2.2. A remote attacker can obtain partial confidential information by making a direct request to the admin directory, triggering an error message that reveals the path. The issue is described as an information-disclosure bug in the admin directory handling...

CVE-2005-1511

PwsPHP 1.2.2 is affected by an authentication bypass vulnerability caused by manipulation of the Pseudo cookie, allowing remote attackers to post arbitrary comments. The issue is that authentication can be bypassed and comments posted without proper authorization. No explicit remediation details ...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1510

PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message...

CVE-2005-1512

The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files...

PwsPHP v1.2.2 Final - Multiples vulnerabilities

PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / / // / /// // / // / / / / // / / .///// / .// // ./...

PwsPHP profil.php id Parameter XSS

The remote host runs PWSPHP Portail Web System a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the 'skin' parameter in the script SettingsBase.php. With a specially crafted URL, an attacker could use the remo...

PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13561/info PwsPHP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

PWSPHP 1.1/1.2 - &#039;Profil.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...

PWSPHP 1.11.2 - Profil.php SQL Injection

PWSPHP 1.11.2 - Profil.php SQL Injection source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...