CVE-2007-4253
- EPSS 0.52%
- Veröffentlicht 08.08.2007 23:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2006-6445
- EPSS 7.35%
- Veröffentlicht 10.12.2006 21:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences i...
CVE-2005-4262
- EPSS 0.42%
- Veröffentlicht 15.12.2005 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem...
CVE-2005-4263
- EPSS 0.71%
- Veröffentlicht 15.12.2005 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.