Myphpscripts Login Session vulnerabilities
2 known vulnerabilities affecting myphpscripts/login_session.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2008-5855P3MEDIUMCVSS 5.0PoCv2.02009-01-06
CVE-2008-5855 [MEDIUM] CWE-264 CVE-2008-5855: myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient acc
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
nvd
CVE-2008-5854P4MEDIUMCVSS 4.3PoCv2.02009-01-06
CVE-2008-5854 [MEDIUM] CWE-79 CVE-2008-5854: Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 a
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.
nvd