CVE-2008-2222
- EPSS 0.36%
- Veröffentlicht 14.05.2008 18:20:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.
CVE-2007-3077
- EPSS 1.46%
- Veröffentlicht 06.06.2007 10:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2007-3079
- EPSS 0.39%
- Veröffentlicht 06.06.2007 10:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.
CVE-2007-2716
- EPSS 3.67%
- Veröffentlicht 16.05.2007 19:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained fr...
CVE-2007-0760
- EPSS 6.54%
- Veröffentlicht 06.02.2007 02:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
CVE-2006-2256
- EPSS 12.76%
- Veröffentlicht 09.05.2006 10:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
CVE-2005-2615
- EPSS 0.53%
- Veröffentlicht 17.08.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.