6 matches found
CVE-2007-6670
CVE-2007-6670 corresponds to a SQL injection in PHCDownload 1.1.0. The vulnerable element is search.php, where the string parameter is unsafely used in SQL queries, enabling remote attackers to execute arbitrary SQL commands. This affects PHCDownload 1.1.0 as described in multiple sources. The do...
CVE-2007-6669
CVE-2007-6669 describes a Cross-site Scripting (XSS) vulnerability in the search.php component of PHCDownload 1.1.0 . The issue allows remote attackers to inject arbitrary web script or HTML by supplying the attacker-controlled string parameter, enabling potential user session or browser context ...
CVE-2008-6597
PHCDownload 1.1 is affected by a cross-site scripting (XSS) vulnerability in upload/install/index.php, exploitable via the step parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Affected component is PHCDownload 1.1; root cause is improper handling of the step p...
CVE-2007-6588
The provided records indicate a Cross-site scripting (XSS) vulnerability in PHCDownload 1.10, exploitable via the username field in an unspecified component. Affected software: PHCDownload 1.10. Root cause: inadequate sanitization of the username input leading to script/HTML injection. Impact: po...
CVE-2008-6596
CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...
CVE-2006-3525
CVE-2006-3525 affects PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier. The issue is an SQL injection in category.php allowing remote attackers to modify/execute arbitrary SQL via the id parameter. Documented impact: partial confidentiality, integrity, and availability consequenc...