3 matches found
CVE-2009-2096
The CVE-2009-2096 entry describes an SQL injection in phpCollegeExchange 0.1.5c affecting house/listing_view.php via the itemnr parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. Documented impact is partial confidentiality/integrity/availability, with a ba...
CVE-2009-2218
Multiple PHP remote file inclusion vulnerabilities affect phpCollegeExchange 0.1.5c when register_globals is enabled. The flaws allow an attacker to trigger arbitrary PHP code execution by supplying a URL in the home parameter to several PHP scripts (i_head.php, i_nav.php, user_new_2.php, house/m...
CVE-2009-2219
CVE-2009-2219 : The connected records show concrete details. Multiple XSS vulnerabilities affect phpCollegeExchange 0.1.5c. Attackers can inject arbitrary web script or HTML through input vectors in the PHP files under the books/ directory: (1) _SESSION[handle] in home.php, books/allbooks.php, an...