8 matches found
CVE-2006-3317
CVE-2006-3317 describes a PHP remote file inclusion vulnerability in phpRaid 3.0.6. The flaw allows an attacker to execute arbitrary code by supplying a URL in the phpraid_dir parameter to announcements.php or rss.php. This is a distinct set of vectors/affected versions compared to CVE-2006-3316 ...
CVE-2006-3316
The connected documents confirm multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4–3.0.6 triggered by unsafely using the phpraid_dir URL parameter to include files. Specifically: CVE-2006-3116 (3.0.4/3.0.5) allows code execution via include paths in configuration.php, guilds.php,...
CVE-2006-3116
CVE-2006-3116 covers multiple PHP remote file inclusion vulnerabilities in phpRaid. Affected are phpRaid 3.0.4 and 3.0.5 (and related 3.0.6 in some vectors). The issue arises from unsafely using the phpraid_dir parameter to include files, enabling arbitrary PHP code execution when a URL is suppli...
CVE-2006-3115
The CVE-2006-3115 entry concerns phpRaid (versions around 3.0.4 onward). According to Secunia Research, there are SQL injection vulnerabilities in phpRaid's view.php where user-supplied input in the raid_id parameter is not properly sanitized before being used in SQL queries, enabling remote mani...
CVE-2006-2283
CVE-2006-2283 affects SpiffyJr phpRaid versions 2.9.5 to 3.0.b3, enabling remote PHP code execution via remote file inclusion. Exploitation vectors involve crafted URLs in phpbb_root_path (auth.php/auth_phpbb with phpBB portal enabled) and smf_root_path (auth.php/auth_SMF with SMF portal enabled)...
CVE-2006-2610
CVE-2006-2610 refers to a cross-site scripting (XSS) vulnerability in the phpRaid 2.9.5 application, specifically in view.php. The flaw allows remote attackers to inject arbitrary web script or HTML through the URL query string and the Sort parameter, leading to potential session hijacking or def...
CVE-2006-3318
PHPVuln CVE-2006-3318 affects phpRaid 3.0.6 (and possibly other versions) with a SQL injection in register.php. When the authorization type is phpraid, the (1) username and (2) email parameters can be used by remote attackers to execute arbitrary SQL commands. The description and connected source...
CVE-2006-3322
CVE-2006-3322 affects phpRaid 3.0.5 (and possibly other versions). The vulnerability is an SQL injection in includes/functions_logging.php, via the log_hack function, enabling remote attackers to execute arbitrary SQL commands. CVSS v2 base score 5.1 (MEDIUM) with network attack vector, high acce...