CVE-2007-2971
- EPSS 1.98%
- Veröffentlicht 01.06.2007 01:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:48
SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-5255
- EPSS 1.49%
- Veröffentlicht 12.10.2006 22:07:00
- Zuletzt bearbeitet 16.06.2026 22:30:50
PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined ...
CVE-2006-1346
- EPSS 7.25%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:28
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by i...
CVE-2006-1347
- EPSS 2.63%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:29
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-1348
- EPSS 1.93%
- Veröffentlicht 22.03.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:29
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this iss...
CVE-2005-3408
- EPSS 1.32%
- Veröffentlicht 01.11.2005 12:47:00
- Zuletzt bearbeitet 16.06.2026 22:16:54
SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.