CVE-2007-2971
- EPSS 2%
- Veröffentlicht 01.06.2007 01:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-5255
- EPSS 1.68%
- Veröffentlicht 12.10.2006 22:07:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined ...
CVE-2006-1346
- EPSS 8.6%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by i...
CVE-2006-1347
- EPSS 1.36%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-1348
- EPSS 8.85%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this iss...
CVE-2005-3408
- EPSS 0.89%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.