Phenotype-Cms Phenotype Cms vulnerabilities
3 known vulnerabilities affecting phenotype-cms/phenotype_cms.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown
HIGH: 3
Vulnerabilities
CVE-2009-3543 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | ≤ 2.8 | v1.0 +9 more | 2009-10-02
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
nvd
CVE-2011-0407 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v3.0 | 2011-01-11
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
nvd
CVE-2009-2951 | P4 | HIGH | CVSS 7.5 | CWE-310 | ≤ 2.8 | v1.0 +9 more | 2009-08-24
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
nvd