2 matches found
CVE-2005-2819
CVE-2005-2819 affects DownFile 1.3. Remote attackers can gain administrator privileges through direct HTTP requests to update.php, del.php, and add_form.php. The provided materials describe the affected components and impact but do not specify the underlying root cause or a verified exploit metho...
CVE-2005-2818
CVE-2005-2818 concerns a cross-site scripting (XSS) vulnerability in DownFile 1.3. The issue arises from unvalidated input in the id parameter passed to four PHP scripts (email.php, index.php, del.php, add_form.php), enabling remote attackers to inject arbitrary JavaScript/HTML. The available doc...