cbcvebase.

Alstrasoft E-Friends vulnerabilities

6 known vulnerabilities affecting alstrasoft/e-friends.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2007-2824P3CRITICALCVSS 10.0PoC≤ 4.212007-05-22
CVE-2007-2824 [CRITICAL] CVE-2007-2824: SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote att SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
nvd
CVE-2006-4913P3HIGHCVSS 7.5PoCv4.852006-09-21
CVE-2006-4913 [HIGH] CVE-2006-4913: Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows re Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
nvd
CVE-2007-6106P3HIGHCVSS 7.5PoC≤ 4.982007-11-23
CVE-2007-6106 [HIGH] CWE-89 CVE-2007-6106: SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote atta SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
nvd
CVE-2005-3062P4HIGHCVSS 7.5v4.02005-09-27
CVE-2005-3062 [HIGH] CVE-2005-3062: PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attac PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.
nvd
CVE-2007-4080P4MEDIUMCVSS 6.4v4.02007-07-30
CVE-2007-4080 [MEDIUM] CVE-2007-4080: Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers t Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
nvd
CVE-2006-2564P4MEDIUMCVSS 4.3v4.02006-05-24
CVE-2006-2564 [MEDIUM] CVE-2006-2564: Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remot Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
nvd
Alstrasoft E-Friends vulnerabilities | cvebase