12 matches found
CVE-2007-2254
CVE-2007-2254 affects PHP Classifieds 6.04 (admin/setup/level2.php). The vulnerability is a PHP remote file inclusion that allows an attacker to execute arbitrary PHP code via a URL supplied to the dir parameter, indicating a remote code execution path. Root cause is improper handling of the dir ...
CVE-2006-5520
CVE-2006-5520 describes a PHP remote file inclusion vulnerability in the DeltaScripts PHP Classifieds 7.1 package. The flaw is in the file functions.php, allowing a remote attacker to execute arbitrary PHP code by supplying a URL in the set_path parameter. Attack impact is rated as high (CVSS v2...
CVE-2002-1702
CVE-2002-1702 is a cross-site scripting vulnerability in DeltaScripts PHP Classifieds 6.0.5 that allows remote attackers to execute arbitrary script as other users via the URL parameter. Documented impacts include potential integrity compromise with no confidentiality or availability impact per N...
CVE-2008-5805
CVE-2008-5805 is a SQL injection vulnerability in the DeltaScripts PHP Classifieds package (7.5 and earlier) affecting detail.php. Exploitation occurs via the siteid parameter, enabling remote attackers to execute arbitrary SQL commands. The description notes this is a different vector from CVE-2...
CVE-2006-3330
The CVE-2006-3330 entry describes a Cross-site Scripting (XSS) vulnerability in AddAsset1.php of PHP/MySQL Classifieds (PHP Classifieds). The weakness allows remote attackers to influence the application via the ProductName (Title), url, and Description parameters, potentially related to issues i...
CVE-2006-5208
CVE-2006-5208 affects PHP Classifieds 7.1. It contains SQL injection vulnerabilities in two parameters: catid_search (search.php) and catid (index.php). The underlying issue is unsanitized input allowing remote attackers to execute arbitrary SQL commands. Reported impact is that an attacker can r...
CVE-2008-5806
CVE-2008-5806 affects DeltaScripts PHP Classifieds 7.5 and earlier: a SQL injection flaw in login.php allows remote attackers to inject arbitrary SQL via the admin_username parameter (aka admin field). The vulnerability stems from unsafely constructed queries in the login handling code. Impact is...
CVE-2006-0719
The provided data confirms a SQL injection vulnerability in PHP Classifieds, affecting versions 6.18–6.20. The flaw resides in member_login.php where the (1) username parameter (used for the E-mail address field) and (2) password parameter can be leveraged by remote attackers to execute arbitrary...
CVE-2006-1532
CVE-2006-1532 is a cross-site scripting (XSS) vulnerability in the PHP Classifieds product, affecting versions 6.18 and 6.20 (and possibly other versions). The flaw resides in the search.php handler where the searchword parameter can be exploited by remote attackers to inject arbitrary web script...
CVE-2010-4914
CVE-2010-4914 concerns a PHP remote file inclusion vulnerability in PHP Classifieds 7.3, specifically in tools/phpmailer/class.phpmailer.php, where an attacker can trigger arbitrary PHP code execution via a URL supplied to the lang_path parameter. The connected documents confirm the affected comp...
CVE-2006-3329
The CVE-2006-3329 entry concerns a SQL injection in search.php of PHP/MySQL Classifieds (PHP Classifieds). The vulnerability is exploitable via the rate parameter, potentially affecting data confidentiality, integrity, and availability as indicated by CVSS v2 base metrics (AV:N/AC:L/Au:N/C:P/I:P/...
CVE-2006-5828
CVE-2006-5828 affects DeltaScripts PHP Classifieds before the 7.2/7.1 release: the vulnerable file is detail.php, where the user_id parameter is used in an SQL query, enabling remote attackers to execute arbitrary SQL commands. The entry explicitly notes a SQL injection vulnerability in DeltaScri...