pwpphp122.txt

PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / \ / // / /// // / // / / / / // / / .///// / .//...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1511

PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie...

CVE-2005-1511

PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie...

CVE-2005-1509

SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2005-1512

CVE-2005-1512 concerns the Admin panel of PwsPHP 1.2.2 , where the upload validation for image files is inadequate. The vulnerability allows remote attackers to upload potentially arbitrary files, which could lead to arbitrary code execution on the server. The CVSS details from the entry indicate...

CVE-2005-1512

The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files...

CVE-2005-1510

PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message...

CVE-2005-1508

PWSPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...

CVE-2005-1511

PwsPHP 1.2.2 is affected by an authentication bypass vulnerability caused by manipulation of the Pseudo cookie, allowing remote attackers to post arbitrary comments. The issue is that authentication can be bypassed and comments posted without proper authorization. No explicit remediation details ...

CVE-2005-1510

The CVE-2005-1510 entry affects PwsPHP 1.2.2. A remote attacker can obtain partial confidential information by making a direct request to the admin directory, triggering an error message that reveals the path. The issue is described as an information-disclosure bug in the admin directory handling...

CVE-2005-1509

SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2005-1512

The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1509

The CVE-2005-1509 entry describes an SQL injection in profil.php of PwsPHP 1.2.2, exploitable via the id parameter. This relates to a vulnerability in the profiling page that allows remote attackers to execute arbitrary SQL commands. The NVD entry assigns a CVSS v2 base score of 7.5 (HIGH, networ...

CVE-2005-1510

PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message...

PwsPHP profil.php id Parameter XSS

The remote host runs PWSPHP Portail Web System a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the 'skin' parameter in the script SettingsBase.php. With a specially crafted URL, an attacker could use the remo...

PwsPHP v1.2.2 Final - Multiples vulnerabilities

PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / / // / /// // / // / / / / // / / .///// / .// // ./...

PWSPHP 1.1/1.2 - 'Profil.php' SQL Injection

source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...

PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13561/info PwsPHP is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...