W-agora

W-agora

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-4868

Exploit
  • EPSS 1.54%
  • Veröffentlicht 05.10.2011 10:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.

7.5

CVE-2010-4867

Exploit
  • EPSS 1.1%
  • Veröffentlicht 05.10.2011 10:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.

7.5

CVE-2008-1466

Exploit
  • EPSS 0.82%
  • Veröffentlicht 24.03.2008 21:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5)...

7.5

CVE-2007-6647

  • EPSS 0.46%
  • Veröffentlicht 04.01.2008 11:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

5

CVE-2007-1607

Exploit
  • EPSS 0.59%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.

4.3

CVE-2007-1606

  • EPSS 1%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, o...

5

CVE-2007-1605

Exploit
  • EPSS 0.54%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to ...

7.5

CVE-2007-1604

Exploit
  • EPSS 5.08%
  • Veröffentlicht 22.03.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using br...

5

CVE-2007-0606

Exploit
  • EPSS 0.57%
  • Veröffentlicht 21.03.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error messag...

4.3

CVE-2007-0607

Exploit
  • EPSS 0.51%
  • Veröffentlicht 20.03.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.