Linpha vulnerabilities
11 known vulnerabilities affecting linpha/linpha.
Total CVEs: 11
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 8, LOW 1
Vulnerabilities
CVE-2007-4053 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 1.3.1 | 2007-07-30
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
nvd
CVE-2008-1856 | P3 | MEDIUM | CVSS 5.1 | PoC | v0.9.0, v0.9.1, +10 more | 2008-04-16 | CWE-20
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a r
nvd
CVE-2006-0713 | P4 | MEDIUM | CVSS 5.0 | PoC | v0.9.0, v0.9.1, +4 more | 2006-02-15
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static cod
nvd
CVE-2004-2066 | P4 | HIGH | CVSS 7.5 | v0.9.0, v0.9.1, +3 more | 2004-07-29
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
nvd
CVE-2006-1924 | P4 | MEDIUM | CVSS 6.4 | v1.0, v1.1.0 | 2006-04-20
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
nvd
CVE-2006-1923 | P4 | MEDIUM | CVSS 5.8 | v1.0, v1.1.0 | 2006-04-20
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
nvd
CVE-2008-7223 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.3.2, v0.9.0, +10 more | 2009-09-14 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
nvd
CVE-2008-6571 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.3.3, v0.9.0, +11 more | 2009-03-31 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
nvd
CVE-2008-1487 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.3.2, v1.0, +5 more | 2008-03-24 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
nvd
CVE-2006-1848 | P4 | LOW | CVSS 2.6 | v1.1.0 | 2006-04-19
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
nvd
CVE-2011-3753 | P4 | MEDIUM | CVSS 5.0 | v1.3.4 | 2011-09-23 | CWE-200
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
nvd