2 matches found
CVE-2009-2180
The CVE-2009-2180 issue affects Pc4 Uploader 10.0 and earlier, in the upfiles/index.php component. The vulnerability is a directory-traversal flaw that allows a remote attacker to read arbitrary files by manipulating the file parameter with input such as .. or an absolute path. This results in Pa...
CVE-2009-1742
CVE-2009-1742 affects PC4Arb Pc4 Uploader 9.0 and earlier. The vulnerability is an SQL injection in code.php via the id parameter in a banner action, where a crafted keyword sequence bypasses a filter in filter_sql (e.g., UNIunionON collapses to UNION). This enables remote attackers to inject SQL...