CVE-2007-4253
- EPSS 1.03%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:41
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2006-6445
- EPSS 6.32%
- Veröffentlicht 10.12.2006 21:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:08
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences i...
CVE-2005-4262
- EPSS 1.01%
- Veröffentlicht 15.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:28
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem...
CVE-2005-4263
- EPSS 1.14%
- Veröffentlicht 15.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:28
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.