SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
8.3AI Score
0.004EPSS
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
8.6AI Score
0.004EPSS