CVE-2008-2222
- EPSS 1.06%
- Veröffentlicht 14.05.2008 18:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:21
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.
CVE-2007-3077
- EPSS 1.22%
- Veröffentlicht 06.06.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:01
SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2007-3079
- EPSS 1.24%
- Veröffentlicht 06.06.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:01
listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.
CVE-2007-2716
- EPSS 4.17%
- Veröffentlicht 16.05.2007 19:28:00
- Zuletzt bearbeitet 16.06.2026 22:40:10
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained fr...
CVE-2007-0760
- EPSS 2.41%
- Veröffentlicht 06.02.2007 02:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:13
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
CVE-2006-2256
- EPSS 7.31%
- Veröffentlicht 09.05.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:24:39
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
CVE-2005-2615
- EPSS 1.28%
- Veröffentlicht 17.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:18
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.