3 matches found
CVE-2007-6567
CVE-2007-6567 affects XZero Community Classifieds up to version 4.95.11. The vulnerability resides in the script index.php where a directory traversal can be triggered via a pagename parameter in a page view action, allowing an attacker to include and execute arbitrary local files. This can impac...
CVE-2007-6568
CVE-2007-6568 describes a PHP remote file inclusion vulnerability in the config.inc.php file of XZero Community Classifieds 4.95.11 and earlier . The issue allows remote attackers to execute arbitrary PHP code via a URL supplied in the path_escape parameter. The NVD metrics indicate a base score ...
CVE-2007-6566
CVE-2007-6566 describes an SQL injection in post.php of XZero Community Classifieds 4.95.11 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. The NVD entry lists a CVSS v2 base score of 7.5 (High). No exploitation det...