2 matches found
CVE-2006-0074
CVE-2006-0074 describes an SQL injection in PHPenpals’ profile.php via the personalID parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Connected sources indicate that the issue affects profile.php and note that 1.1 and earlier versions are affected; this vec...
CVE-2009-1814
CVE-2009-1814 describes an SQL injection in mail.php of PHPenpals (v1.1 and earlier) allowing remote SQL command execution via the ID parameter. Consequences and patch details are not provided here beyond noting that the profile.php vector is covered by CVE-2006-0074; the connected records indica...