David Bennett PHP-Post vulnerabilities
5 known vulnerabilities affecting david_bennett/php-post.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2006-4877 | P4 | MEDIUM | CVSS 5.0 | PoC | ≤ 1.0 | 2006-09-19
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
nvd
CVE-2006-4881 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 1.0 | 2006-09-19
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split paramete
nvd
CVE-2006-4879 | P3 | HIGH | CVSS 7.5 | ≤ 1.0 | 2006-09-19
SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
nvd
CVE-2006-4878 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.0.1 | 2006-09-19
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
nvd
CVE-2006-4880 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.0 | 2006-09-19
David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
nvd