Lucene search
K
PhpcredoPhcdownload

6 matches found

CVE
CVE
added 2008/01/08 2:0 a.m.57 views

CVE-2007-6670

CVE-2007-6670 corresponds to a SQL injection in PHCDownload 1.1.0. The vulnerable element is search.php, where the string parameter is unsafely used in SQL queries, enabling remote attackers to execute arbitrary SQL commands. This affects PHCDownload 1.1.0 as described in multiple sources. The do...

7.5CVSS8.4AI score0.00971EPSS
CVE
CVE
added 2008/01/08 2:0 a.m.49 views

CVE-2007-6669

CVE-2007-6669 describes a Cross-site Scripting (XSS) vulnerability in the search.php component of PHCDownload 1.1.0 . The issue allows remote attackers to inject arbitrary web script or HTML by supplying the attacker-controlled string parameter, enabling potential user session or browser context ...

4.3CVSS5.7AI score0.01497EPSS
CVE
CVE
added 2009/04/03 6:0 p.m.48 views

CVE-2008-6597

PHCDownload 1.1 is affected by a cross-site scripting (XSS) vulnerability in upload/install/index.php, exploitable via the step parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Affected component is PHCDownload 1.1; root cause is improper handling of the step p...

4.3CVSS5.7AI score0.01178EPSS
Web
CVE
CVE
added 2007/12/28 9:0 p.m.46 views

CVE-2007-6588

The provided records indicate a Cross-site scripting (XSS) vulnerability in PHCDownload 1.10, exploitable via the username field in an unspecified component. Affected software: PHCDownload 1.10. Root cause: inadequate sanitization of the username input leading to script/HTML injection. Impact: po...

4.3CVSS5.6AI score0.01022EPSS
CVE
CVE
added 2009/04/03 6:0 p.m.46 views

CVE-2008-6596

CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...

7.5CVSS8.3AI score0.00961EPSS
Web
CVE
CVE
added 2006/07/12 12:0 a.m.44 views

CVE-2006-3525

CVE-2006-3525 affects PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier. The issue is an SQL injection in category.php allowing remote attackers to modify/execute arbitrary SQL via the id parameter. Documented impact: partial confidentiality, integrity, and availability consequenc...

7.5CVSS8.8AI score0.01093EPSS