- EPSS 61.62%
- Veröffentlicht 11.02.2009 00:30:03
- Zuletzt bearbeitet 09.04.2025 00:30:58
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.c...
CVE-2005-4479
- EPSS 0.42%
- Veröffentlicht 22.12.2005 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.
- EPSS 1.19%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
- EPSS 6.96%
- Veröffentlicht 19.05.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.