Lucene search

K
PhlatlinePersonal Information Manager

5 matches found

CVE
CVE
added 2008/10/03 10:22 p.m.44 views

CVE-2008-4428

Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

10CVSS7.7AI score0.06031EPSS
CVE
CVE
added 2008/10/03 10:22 p.m.40 views

CVE-2008-4425

Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.

8.8CVSS6.7AI score0.02133EPSS
CVE
CVE
added 2008/10/09 6:14 p.m.38 views

CVE-2008-4528

Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.

7.5CVSS7.1AI score0.01464EPSS
CVE
CVE
added 2008/10/03 10:22 p.m.36 views

CVE-2008-4427

changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

7.5CVSS6.8AI score0.02004EPSS
CVE
CVE
added 2008/10/03 10:22 p.m.33 views

CVE-2008-4426

Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.

4.3CVSS5.7AI score0.00373EPSS