Medium
CVE-2005-4551
Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to inde…
Tag: PHP
All CVEs associated with "PHP". Page 296/311 • 37316 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37316 CVEs for this tag (all time). In the last 365 days, 6066 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2005-12-28
High
CVE-2005-4554
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforu…
Medium
CVE-2005-4555
Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SP…
High
CVE-2005-4556
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote at…
Medium
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.ht…
Medium
CVE-2005-4516
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php a…
High
CVE-2005-4517
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.ph…
High
CVE-2005-4518
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_p…
High
CVE-2005-4519
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2…
Medium
CVE-2005-4521
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_tes…
Medium
CVE-2005-4522
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1…
High
CVE-2005-4527
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module paramet…
2005-12-22
High
CVE-2005-4478
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the…
High
CVE-2005-4479
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.
Medium
CVE-2005-4467
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parame…
High
CVE-2005-4468
PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter.
High
CVE-2005-4469
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_lan…
2005-12-21
High
CVE-2005-4462
PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter.
Medium
CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php,…
Medium
CVE-2005-4460
Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to…
High
CVE-2005-4461
SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.
Medium
CVE-2005-4449
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter…
High
CVE-2005-4450
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demo…
High
CVE-2005-4447
SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter.…
Medium
CVE-2005-4433
Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Se…
Medium
CVE-2005-4435
Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this informa…
High
CVE-2005-4429
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
High
CVE-2005-4430
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.
High
CVE-2005-4431
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE…
Medium
CVE-2005-4432
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.
2005-12-20
High
CVE-2005-4427
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in em…
Medium
CVE-2005-4428
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
High
CVE-2005-4390
SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter.
Medium
CVE-2005-4399
Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.
High
CVE-2005-4403
SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.
High
CVE-2005-4408
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem…
Medium
CVE-2005-4415
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
High
CVE-2005-4416
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2005-4423
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, a…
Medium
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of…
Medium
CVE-2005-4379
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_g…
High
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b)…
Medium
CVE-2005-4387
Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Medium
CVE-2005-4358
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid functio…
Medium
CVE-2005-4359
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
Medium
CVE-2005-4362
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Medium
CVE-2005-4365
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in…
Medium
CVE-2005-4366
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.…
Medium
CVE-2005-4367
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain…
High
CVE-2005-4353
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
2005-12-19
Medium
CVE-2005-4349
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: t…
Medium
CVE-2005-4346
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces…
2005-12-17
Medium
CVE-2005-4317
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to…
High
CVE-2005-4318
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter,…
Medium
CVE-2005-4319
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
Medium
CVE-2005-4320
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leak…
High
CVE-2005-4329
SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.
Medium
CVE-2005-4302
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
High
CVE-2005-4303
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
Medium
CVE-2005-4304
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these deta…
High
CVE-2005-4308
index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter.
Medium
CVE-2005-4311
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.p…
High
CVE-2005-4312
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2005-4313
SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2005-12-16
Medium
CVE-2005-4277
Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter.
High
CVE-2005-4286
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL…
High
CVE-2005-4287
PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php.
Medium
CVE-2005-4288
Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be…
2005-12-15
High
CVE-2005-4243
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr paramet…
Medium
CVE-2005-4248
Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers…
Medium
CVE-2005-4253
Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160.
High
CVE-2005-4254
SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2005-4260
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypa…
High
CVE-2005-4264
Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parame…
2005-12-14
High
CVE-2005-4211
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
Medium
CVE-2005-4212
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.
High
CVE-2005-4213
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
Medium
CVE-2005-4214
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not…
High
CVE-2005-4218
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
Medium
CVE-2005-4219
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to settin…
High
CVE-2005-4221
SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string).
High
CVE-2005-4223
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the…
High
CVE-2005-4224
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and x…
High
CVE-2005-4225
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc p…
High
CVE-2005-4226
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direct…
High
CVE-2005-4227
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (…
High
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to c…
High
CVE-2005-4230
SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter.
Medium
CVE-2005-4231
Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] paramet…
High
CVE-2005-4232
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issu…
High
CVE-2005-4233
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter.
High
CVE-2005-4234
SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2005-4235
Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.
Medium
CVE-2005-4236
Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.
Medium
CVE-2005-4238
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
Medium
CVE-2005-4239
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sK…
High
CVE-2005-4240
SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.
High
CVE-2005-4244
SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to ima…
Medium
CVE-2005-4245
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
High
CVE-2005-4246
SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.
Medium
CVE-2005-4247
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.
High
CVE-2005-4251
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and th…
2005-12-13
Medium
CVE-2005-4193
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.
High
CVE-2005-4195
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.…
Medium
CVE-2005-4196
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--Quic…
High
CVE-2005-4198
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were…
High
CVE-2005-4199
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent…
2005-12-11
Medium
CVE-2005-4167
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.
High
CVE-2005-4168
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the…
High
CVE-2005-4169
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to…
High
CVE-2005-4170
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.
High
CVE-2005-4171
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .ph…
Medium
CVE-2005-4172
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error m…
Medium
CVE-2005-4173
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
High
CVE-2005-4174
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear…
High
CVE-2005-4159
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute…
Medium
CVE-2005-4160
Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument.
Medium
CVE-2005-4161
Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and…
Medium
CVE-2005-4163
Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter.
High
CVE-2005-4164
SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.