CVE Daily
← All tags

Tag: PHP

All CVEs associated with "PHP". Page 302/311 • 37316 CVEs.

Subscribe CVEs: RSS for “PHP”  ·  RSS (High+Critical only)

About “PHP”

A curated feed of “PHP”-related CVEs appears below. We currently track 37316 CVEs for this tag (all time). In the last 365 days, 6066 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2005-06-09
High

CVE-2005-1964

PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-06-07
High

CVE-2005-1869

PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-06-06
Medium

CVE-2005-1877

Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid para…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP co…

CVSS: 7.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2005-1885

view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
2005-06-02
Medium

CVE-2005-1840

Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the la…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1875

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage…

CVSS: 7.5 CWE: N/A View on NVD
2005-06-01
High

CVE-2005-1810

SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat par…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1811

Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1817

Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1820

zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1821

PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1822

Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4)…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1823

Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3)…

CVSS: 4.3 CWE: N/A View on NVD
2005-05-31
High

CVE-2005-1777

SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2005-1778

Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2005-1832

Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1833

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to on…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1866

Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.

CVSS: 4.3 CWE: N/A View on NVD
2005-05-29
Medium

CVE-2005-1803

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php,…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1804

Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.…

CVSS: 7.5 CWE: N/A View on NVD
2005-05-28
Medium

CVE-2005-1800

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to ind…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1807

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-27
High

CVE-2005-1787

setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2005-05-26
Medium

CVE-2005-1782

Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_revi…

CVSS: 4.3 CWE: N/A View on NVD
2005-05-24
High

CVE-2005-1694

Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2005-1695

Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url paramete…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2005-1696

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.ph…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2005-1697

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.

CVSS: 5.0 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
Medium

CVE-2005-1698

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5)…

CVSS: 5.0 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
Medium

CVE-2005-1699

Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2005-1700

SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1715

Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (…

CVSS: 4.3 CWE: N/A View on NVD
2005-05-20
High

CVE-2005-1681

PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1687

SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-05-19
Medium

CVE-2005-1672

Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1673

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1674

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2005-05-18
Medium

CVE-2005-1644

Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livre…

CVSS: 6.8 CWE: N/A View on NVD
2005-05-17
High

CVE-2005-1629

SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1631

booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1633

Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) yea…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1634

Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1635

JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_port…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1637

Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php.

CVSS: 7.5 CWE: N/A View on NVD
2005-05-16
High

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary scri…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1593

Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1594

SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2005-1596

index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2005-1597

Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the h…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1604

PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", w…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1610

Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1612

SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1613

Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2005-1614

Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1615

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly du…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1616

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path i…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1621

Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter t…

CVSS: 5.0 CWE: N/A View on NVD
2005-05-14
High

CVE-2005-1548

SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1554

SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1581

Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when p…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1582

Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire vari…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1583

1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1584

Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-1587

Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.

CVSS: 4.3 CWE: N/A View on NVD
2005-05-12
High

CVE-2005-1567

SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1568

topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-11
High

CVE-2005-1479

SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1486

Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.ph…

CVSS: 5.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2005-1487

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE:…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2005-1497

index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1498

Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3)…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-1499

delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1500

Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdat…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2005-1501

MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1502

Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2)…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1503

Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1506

SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1508

Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbr…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1509

SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1580

users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1585

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory paramet…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1588

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issu…

CVSS: 7.5 CWE: N/A View on NVD
2005-05-04
High

CVE-2005-0676

index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.

CVSS: 7.5 CWE: N/A View on NVD
2005-05-03
High

CVE-2005-1373

Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1374

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exer…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1375

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2)…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1376

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1377

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1378

SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, a…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1384

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1386

PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1397

SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1398

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are al…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2005-1403

Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php,…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1436

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2005-1437

Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1438

PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1439

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1440

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nick…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2005-1443

Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2005-1444

Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name paramet…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2005-1445

Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2005-1446

SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1447

PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2005-1449

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2005-1451

The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.

CVSS: 7.5 CWE: N/A View on NVD
2005-05-02
High

CVE-2005-0200

TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulne…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2005-0214

Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0216

Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-0217

SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0219

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2005-0220

Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0222

main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0239

viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0251

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2005-0253

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the…

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-0264

Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2005-0265

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

CVSS: 7.5 CWE: N/A View on NVD