cbcvebase.

Accomplishtechnology Phpmydirectory vulnerabilities

6 known vulnerabilities affecting accomplishtechnology/phpmydirectory.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2006-2521P3HIGHCVSS 7.5PoC≤ 10.4.4v1.0+30 more2006-05-22
CVE-2006-2521 [HIGH] CWE-94 CVE-2006-2521: PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remo PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
nvd
CVE-2012-5288P3HIGHCVSS 7.5PoCv1.3.32012-10-04
CVE-2012-5288 [HIGH] CWE-89 CVE-2012-5288: SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute a SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2005-0896P4MEDIUMCVSS 4.3PoCv10.1.32005-05-02
CVE-2005-0896 [MEDIUM] CWE-79 CVE-2005-0896: Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
nvd
CVE-2006-4756P4HIGHCVSS 7.5≤ 10.4.6v1.0+32 more2006-09-13
CVE-2006-4756 [HIGH] CWE-89 CVE-2006-4756: SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attacker SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
nvd
CVE-2006-3138P4MEDIUMCVSS 4.3≤ 10.4.5v1.0+31 more2006-06-22
CVE-2006-3138 [MEDIUM] CWE-79 CVE-2006-3138: Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remot Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
nvd
CVE-2006-4755P4MEDIUMCVSS 4.3≤ 10.4.6v1.0+32 more2006-09-13
CVE-2006-4755 [MEDIUM] CWE-79 CVE-2006-4755: Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows re Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
nvd
Accomplishtechnology Phpmydirectory vulnerabilities | cvebase