CVE-2008-6907
- EPSS 0.91%
- Veröffentlicht 06.08.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:12
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible...
CVE-2008-6901
- EPSS 1.92%
- Veröffentlicht 06.08.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:11
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langu...
CVE-2008-6902
- EPSS 3.27%
- Veröffentlicht 06.08.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:12
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
- EPSS 1.86%
- Veröffentlicht 20.02.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:47
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.
CVE-2007-4585
- EPSS 2.9%
- Veröffentlicht 29.08.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:22
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.