CVE-2009-4884

phpCommunity 2.1.8 contains multiple SQL injection vulnerabilities exploitable remotely via index.php parameters (forum_id, topic_id, wert in id/nick/forum search actions). Related to class_forum.php and class_search.php. OpenVAS notes multiple input-validation issues; CVSS base 6.8 (medium). Imp...

CVE-2009-4885

CVE-2009-4885 is a Cross-site Scripting (XSS) vulnerability in phpCommunity 2, version 2.1.8, affecting templates/1/login.php. An attacker can inject arbitrary script/HTML via the msg parameter. CVSS v2 base score: 4.3 (Medium); impact is limited to partial integrity due to user-supplied content,...

CVE-2009-4886

CVE-2009-4886 affects phpCommunity 2.x (notably 2.1.8) with directory traversal flaws that let an attacker read arbitrary server files via the file parameter to module/admin/files/show_file.php or the path parameter to module/admin/files/show_source.php. The OpenVAS entry indicates multiple remot...