David Bennett

Php-post

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2006-4877

  • EPSS 7.18%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1...

5

CVE-2006-4878

  • EPSS 1.62%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported t...

7.5

CVE-2006-4879

  • EPSS 0.75%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

5

CVE-2006-4880

  • EPSS 0.77%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.

4.3

CVE-2006-4881

  • EPSS 3.53%
  • Veröffentlicht 19.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) drop...