2 matches found
CVE-2008-6917
The CVE-2008-6917 entry documents an SQL injection in Exocrew ExoPHPDesk 1.2 Final, specifically in admin.php via the username (user) parameter. Remote attackers could execute arbitrary SQL commands, with potential impact on data confidentiality, integrity, and availability as indicated by the CV...
CVE-2011-3736
Affected software: ExoPHPDesk 1.2.1. The vulnerability is an information-disclosure flaw where requesting certain PHP files (e.g., upgrades/upgrade9.php and similar) can leak the installation path via an error message. Root cause is exposure of path information in responses, leading to potential ...