Phpcredo Phcdownload vulnerabilities
6 known vulnerabilities affecting phpcredo/phcdownload.
Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3
Vulnerabilities
CVE-2007-6670 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v1.1 | 2008-01-08
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
nvd
CVE-2008-6596 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v1.1 | 2009-04-03
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2008-6597 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v1.1 | 2009-04-03
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2007-6669 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v1.1 | 2008-01-08
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
nvd
CVE-2006-3525 | P4 | HIGH | CVSS 7.5 | ≤ 1.0.0_release_candidate_6 | v1.0.0_final | 2006-07-12
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2007-6588 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v1.10 | 2007-12-28
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd