- EPSS 0.28%
- Published 24.09.2011 00:55:02
- Last modified 11.04.2025 00:51:21
PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php.
CVE-2007-1575
- EPSS 1.22%
- Published 21.03.2007 21:19:00
- Last modified 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and an (2) unspec...
CVE-2007-1576
- EPSS 0.89%
- Published 21.03.2007 21:19:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk...
CVE-2006-5123
- EPSS 2.32%
- Published 03.10.2006 04:03:00
- Last modified 09.04.2025 00:30:58
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code c...
CVE-2006-4204
- EPSS 6.22%
- Published 17.08.2006 21:04:00
- Last modified 03.04.2025 01:03:51
Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_f...
CVE-2005-1227
- EPSS 1.05%
- Published 20.04.2005 04:00:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form.
CVE-2004-2739
- EPSS 1.17%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
CVE-2004-2740
- EPSS 0.55%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
CVE-2002-1757
- EPSS 3.4%
- Published 31.12.2002 05:00:00
- Last modified 03.04.2025 01:03:51
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $P...
- EPSS 0.38%
- Published 31.12.2002 05:00:00
- Last modified 03.04.2025 01:03:51
PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.