3 matches found
CVE-2006-6154
The CVE-2006-6154 entry affects HIOX Star Rating System Script (HSRS) version 1.0 and earlier, with a PHP remote file inclusion flaw in addcode.php that allows an attacker to execute arbitrary PHP code via a URL parameter hm. This is described across NVD records; the base CVSSv2 score is 7.5 (HIG...
CVE-2006-6155
CVE-2006-6155 involves multiple SQL injection vulnerabilities in addrating.php of the HIOX Star Rating System Script (HSRS) 1.0 and earlier. The flaws allow remote attackers to inject and execute arbitrary SQL commands via the (1) ipadd or (2) url parameters. The description notes this informatio...
CVE-2006-6156
The CVE-2006-6156 entry describes a cross-site scripting (XSS) vulnerability in the HIOX Star Rating System Script (HSRS) up to version 1.0, with the flaw located in auth/message.php and exploitable via the PHP_SELF query string. The underlying cause is unencoded user input that allows arbitrary ...