David Degner Phpcollegeexchange vulnerabilities
3 known vulnerabilities affecting david_degner/phpcollegeexchange.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-2096P3HIGHCVSS 7.5PoCv0.1.5c2009-06-17
CVE-2009-2096 [HIGH] CWE-89 CVE-2009-2096: SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote att
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
nvd
CVE-2009-2218P3MEDIUMCVSS 6.8PoCv0.1.5c2009-06-25
CVE-2009-2218 [MEDIUM] CWE-94 CVE-2009-2218: Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globa
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: hou
nvd
CVE-2009-2219P4MEDIUMCVSS 4.3PoCv0.1.5c2009-06-25
CVE-2009-2219 [MEDIUM] CWE-79 CVE-2009-2219: Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attack
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_na
nvd