Mkportal

Mkportal

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-6467

Exploit
  • EPSS 0.31%
  • Veröffentlicht 20.12.2007 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.

7.5

CVE-2007-3814

  • EPSS 2.39%
  • Veröffentlicht 17.07.2007 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (...

7.5

CVE-2007-3637

  • EPSS 0.48%
  • Veröffentlicht 10.07.2007 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that ...

6.8

CVE-2007-0191

  • EPSS 1.01%
  • Veröffentlicht 12.01.2007 05:04:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

7.5

CVE-2007-0192

  • EPSS 0.72%
  • Veröffentlicht 12.01.2007 05:04:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained...

7.8

CVE-2007-0194

  • EPSS 0.42%
  • Veröffentlicht 12.01.2007 05:04:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

5.8

CVE-2006-6741

  • EPSS 0.28%
  • Veröffentlicht 26.12.2006 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.

5

CVE-2006-5139

  • EPSS 0.34%
  • Veröffentlicht 03.10.2006 04:03:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.

4.3

CVE-2006-4665

  • EPSS 0.43%
  • Veröffentlicht 09.09.2006 00:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third pa...

7.5

CVE-2006-3554

Exploit
  • EPSS 1.53%
  • Veröffentlicht 13.07.2006 00:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inje...