4 matches found
CVE-2007-1293
CVE-2007-1293 concerns a SQL injection in Rigter Portal System (RPS) 6.2 when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to inject arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), with a possible relation to ver_descarga.php. The NV...
CVE-2006-7085
CVE-2006-7085 affects Rigter Portal System (RPS) 1.0, 2.0 and 3.0. A direct request to add_art.php enables remote attackers to add arbitrary content and perform XSS. The entry notes that the issue was originally reported as SQL injection, but that is unlikely. No exploitation details, affected ve...
CVE-2006-7083
The CVE-2006-7083 entry details a directory traversal flaw in Rigter Portal System (RPS) versions 1.0, 2.0, and 3.0 affecting index.php. An attacker can use ".." sequences in the id parameter to read arbitrary files. The description notes remote attack capability but does not provide exploit code...
CVE-2006-7082
Rigter Portal System (RPS) versions 1.0–3.0 are affected by an authentication bypass vulnerability that allows remote attackers to upload arbitrary files via direct requests to adm/photos/images.php and adm/down/files.php. The CVE entry confirms unauthenticated access with potential partial confi...