cbcvebase.

Interchange Development Group Interchange vulnerabilities

5 known vulnerabilities affecting interchange_development_group/interchange.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2004-0374P4MEDIUMCVSS 6.4PoCv4.8.1v4.8.2+8 more2004-05-04
CVE-2004-0374 [MEDIUM] CVE-2004-0374: Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
nvd
CVE-2005-3072P3HIGHCVSS 7.5v4.9.3v4.9.4+10 more2005-09-27
CVE-2005-3072 [HIGH] CVE-2005-3072: SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remot SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
nvd
CVE-2008-2423P4CRITICALCVSS 10.0v4.8.0v4.8.1+25 more2008-05-23
CVE-2008-2423 [CRITICAL] CVE-2008-2423: Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to ca Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
nvd
CVE-2007-2635P4HIGHCVSS 7.8v5.4.12007-05-13
CVE-2007-2635 [HIGH] CVE-2007-2635: Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecifie Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
nvd
CVE-2005-3073P4MEDIUMCVSS 5.0v4.9.3v5.0+1 more2005-09-27
CVE-2005-3073 [MEDIUM] CVE-2005-3073: Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, wh Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.
nvd
Interchange Development Group Interchange vulnerabilities | cvebase