Phlatline

Personal Information Manager

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2008-4528

Exploit
  • EPSS 5.01%
  • Veröffentlicht 09.10.2008 18:14:15
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.

8.8

CVE-2008-4425

  • EPSS 4.61%
  • Veröffentlicht 03.10.2008 22:22:44
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.

4.3

CVE-2008-4426

  • EPSS 1.25%
  • Veröffentlicht 03.10.2008 22:22:44
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.

7.5

CVE-2008-4427

  • EPSS 6.07%
  • Veröffentlicht 03.10.2008 22:22:44
  • Zuletzt bearbeitet 09.04.2025 00:30:58

changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

10

CVE-2008-4428

  • EPSS 7.18%
  • Veröffentlicht 03.10.2008 22:22:44
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in ...