Accomplishtechnology Phpmydirectory vulnerabilities
6 known vulnerabilities affecting accomplishtechnology/phpmydirectory.
Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-2521P3HIGHCVSS 7.5PoC≤ 10.4.4v1.0+30 more2006-05-22
CVE-2006-2521 [HIGH] CWE-94 CVE-2006-2521: PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remo
PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
nvd
CVE-2012-5288P3HIGHCVSS 7.5PoCv1.3.32012-10-04
CVE-2012-5288 [HIGH] CWE-89 CVE-2012-5288: SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute a
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2005-0896P4MEDIUMCVSS 4.3PoCv10.1.32005-05-02
CVE-2005-0896 [MEDIUM] CWE-79 CVE-2005-0896: Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow
Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
nvd
CVE-2006-4756P4HIGHCVSS 7.5≤ 10.4.6v1.0+32 more2006-09-13
CVE-2006-4756 [HIGH] CWE-89 CVE-2006-4756: SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attacker
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
nvd
CVE-2006-3138P4MEDIUMCVSS 4.3≤ 10.4.5v1.0+31 more2006-06-22
CVE-2006-3138 [MEDIUM] CWE-79 CVE-2006-3138: Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remot
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
nvd
CVE-2006-4755P4MEDIUMCVSS 4.3≤ 10.4.6v1.0+32 more2006-09-13
CVE-2006-4755 [MEDIUM] CWE-79 CVE-2006-4755: Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows re
Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
nvd