David Bennett

Php-post

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2006-4877

  • EPSS 12.62%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1...

5

CVE-2006-4878

  • EPSS 2.35%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported t...

7.5

CVE-2006-4879

  • EPSS 0.75%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

5

CVE-2006-4880

  • EPSS 0.91%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.

4.3

CVE-2006-4881

  • EPSS 3.53%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) drop...