6 matches found
CVE-2006-2521
PHP remote file inclusion vulnerability CVE-2006-2521 affects phpMyDirectory 10.4.4 and earlier. The flaw is in cron.php where ROOT_PATH is used to include a URL, enabling remote execution of arbitrary PHP code. Exploitation specifics and remediation steps are not provided in the connected docume...
CVE-2005-0896
CVE-2005-0896 affects phpMyDirectory 10.1.3-rel, specifically the review.php script. Multiple XSS vulnerabilities arise because user-supplied input in the subcat, page, and subsubcat parameters is not properly sanitized, allowing remote attackers to inject arbitrary HTML/JS. Reported impact inclu...
CVE-2006-4756
CVE-2006-4756 describes an SQL injection vulnerability in the PHPMyDirectory product, specifically in alpha.php. The affected versions are 10.4.6 and earlier. The flaw allows remote attackers to execute arbitrary SQL commands by manipulating the letter parameter. The description notes the provena...
CVE-2012-5288
CVE-2012-5288 : Affected software is phpMyDirectory version 1.3.3. The vulnerability is a SQL injection in the page.php handler, exploitable via the id parameter, allowing remote attackers to execute arbitrary SQL commands. The provided sources confirm the injection vector and impact concept, but...
CVE-2006-3138
Multiple XSS vulnerabilities affect phpMyDirectory
CVE-2006-4755
The CVE-2006-4755 entry describes a Cross-site Scripting (XSS) vulnerability in phpMyDirectory 10.4.6 and earlier, exploitable via the letter parameter in alpha.php. The issue allows remote attackers to inject arbitrary web script or HTML. Documents indicate no explicit remediation steps or patch...