8 matches found
CVE-2006-0668
CVE-2006-0668 describes an SQL injection in the PHP application PwsPHP 1.2.3, specifically via the id parameter in index.php (and possibly in message.php within the espace_membre module). The underlying issue is a lack of input validation/safe query construction, enabling remote attackers to exec...
CVE-2005-1509
The CVE-2005-1509 entry describes an SQL injection in profil.php of PwsPHP 1.2.2, exploitable via the id parameter. This relates to a vulnerability in the profiling page that allows remote attackers to execute arbitrary SQL commands. The NVD entry assigns a CVSS v2 base score of 7.5 (HIGH, networ...
CVE-2005-1508
PwsPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...
CVE-2005-1512
CVE-2005-1512 concerns the Admin panel of PwsPHP 1.2.2, where the upload validation for image files is inadequate. The vulnerability allows remote attackers to upload potentially arbitrary files, which could lead to arbitrary code execution on the server. The CVSS details from the entry indicate...
CVE-2006-0942
CVE-2006-0942 is an SQL injection in profil.php of PwsPHP 1.2.3 (and possibly earlier) that allows remote attackers to execute arbitrary SQL commands through the aff_news_form parameter, a vulnerability distinct from CVE-2005-1509. Connected records confirm the affected software (PwsPHP), vulnera...
CVE-2005-1511
PwsPHP 1.2.2 is affected by an authentication bypass vulnerability caused by manipulation of the Pseudo cookie, allowing remote attackers to post arbitrary comments. The issue is that authentication can be bypassed and comments posted without proper authorization. No explicit remediation details ...
CVE-2006-0943
The CVE-2006-0943 issue affects PwsPHP 1.2.3, specifically the sondages module’s index.php. The underlying vulnerability is a SQL injection via the id parameter to index.php, enabling remote attackers to execute arbitrary SQL commands. The available connected records corroborate the same descript...
CVE-2005-1510
The CVE-2005-1510 entry affects PwsPHP 1.2.2. A remote attacker can obtain partial confidential information by making a direct request to the admin directory, triggering an error message that reveals the path. The issue is described as an information-disclosure bug in the admin directory handling...