Kreotek Phpbms vulnerabilities
3 known vulnerabilities affecting kreotek/phpbms.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2009-3754 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v0.96 | 2009-10-22
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
nvd
CVE-2009-3755 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v0.96 | 2009-10-22
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\.
nvd
CVE-2009-3756 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | PoC | v0.96 | 2009-10-22
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
nvd