Agares Media Phpautovideo vulnerabilities
5 known vulnerabilities affecting agares_media/phpautovideo.
Total CVEs
5
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2008-0433P3HIGHCVSS 7.5PoC≤ 2.212008-01-23
CVE-2008-0433 [HIGH] CVE-2008-0433: PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAu
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
nvd
CVE-2007-6614P3MEDIUMCVSS 6.8PoCv2.212008-01-03
CVE-2007-6614 [MEDIUM] CWE-94 CVE-2007-6614: PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.
nvd
CVE-2008-0262P3HIGHCVSS 7.5PoCv2.212008-01-15
CVE-2008-0262 [HIGH] CWE-89 CVE-2008-0262: SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote a
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
nvd
CVE-2007-6615P3MEDIUMCVSS 6.8PoCv2.212008-01-03
CVE-2007-6615 [MEDIUM] CWE-94 CVE-2007-6615: Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows rem
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.
nvd
CVE-2008-0432P4MEDIUMCVSS 4.3PoC≤ 2.212008-01-23
CVE-2008-0432 [MEDIUM] CWE-79 CVE-2008-0432: Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
nvd