CVE-2006-4877
The CVE-2006-4877 entry concerns David Bennett PHP-Post (PHPp) 1.0 and earlier, where a variable overwrite vulnerability exists due to the use of PHP's extract() in multiple vectors. The affected components are the PHPp pages index.php, profile.php, and header.php, with the demonstrated vector involv...
CVE-2006-4880
CVE-2006-4880 affects PHP-Post (PHPp) 1.0 and earlier. The affected components (footer.php, template.php, lastvisit.php) can disclose the installation path in response to direct requests, through error messages generated by these scripts. The root cause is information disclosure in error handling/response content. Repo...
CVE-2006-4881
CVE-2006-4881 concerns multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier. The issues allow remote attackers to inject arbitrary web script/HTML through specific parameters across several pages: (1) replyuser in pm.php; (2) txt_jumpto in dropdown....
CVE-2006-4879
The CVE-2006-4879 entry documents a SQL injection vulnerability in profile.php of PHPp 1.0 (David Bennett PHP-Post), where the user parameter allows remote attackers to execute arbitrary SQL. Affected component: profile.php in PHP-Post (PHPp) 1.0 and earlier. Root cause: unsafely interpolated user input in ...
CVE-2006-4878
The CVE-2006-4878 issue affects PHPp (David Bennett PHP-Post) 1.0 and earlier, with a directory traversal vulnerability in footer.php. A remote attacker can read arbitrary local files by manipulating the template parameter to include a .. sequence. The note indicates exposure was later reported t...