3 matches found
CVE-2003-1086
CVE-2003-1086 is a PHP remote file inclusion vulnerability in pm/lib.inc.php affecting pMachine Free and pMachine Pro 2.2/2.2.1. The issue arises from unvalidated pm_path, allowing an attacker to reference a remote URL containing PHP code and execute it on the server. Impact is remote code execut...
CVE-2005-0513
The CVE-2005-0513 issue is a PHP remote file inclusion in the Email This Entry add-on for pMachine Pro 2.4 (and possibly other pMachine Free variants) via mail_autocheck.php. An attacker can set pm_path to a URL containing PHP code, enabling arbitrary code execution on the remote server. The rela...
CVE-2008-0334
CVE-2008-0334 affects PMachine Pro 2.4.1. The vulnerability is an XSS in the Spanish language preferences page (pm/language/spanish/preferences.php) exploitable via the L_PREF_NAME[855] parameter, allowing remote attackers to inject arbitrary web script or HTML. The CVSS metrics indicate a low ba...