3 matches found
CVE-2006-3110
The CVE-2006-3110 issue affects Chipmailer 1.09 and is a Cross-site Scripting (XSS) vulnerability in main.php, exploitable through the (1) name, (2) betreff, (3) mail, and (4) text parameters. The NVD entry documents a MEDIUM impact (CVSS v2: AV:N/AC:M/Au:N/C:N/I:P/A:N) with a base score of 4.3. ...
CVE-2006-3112
The CVE-2006-3112 issue affects Chipmailer 1.09 and allows remote attackers to obtain sensitive information by issuing a direct request to php.php, which exposes the output of phpinfo. This directly implies partial confidentiality impact as described, but exploitation details, affected versions b...
CVE-2006-3111
Chipmailer 1.09 contains multiple SQL injection flaws in main.php that let remote attackers execute arbitrary SQL commands via parameters (anfang, name, mail, anrede, vorname, nachname, gebtag, gebmonat, gebjahr) with network access and no authentication. The NVD entry IDs CVE-2006-3111 document ...