SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
8.8AI Score
0.001EPSS
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
8AI Score
0.007EPSS
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
8AI Score
0.007EPSS
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
8AI Score
0.007EPSS