cvebase

Phpcredo Phcdownload vulnerabilities

6 known vulnerabilities affecting phpcredo/phcdownload.

Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2007-6670 | P3 | HIGH | CVSS 7.5 | PoC | v1.1 | 2008-01-08
CWE-89: SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
nvd
CVE-2008-6596 | P3 | HIGH | CVSS 7.5 | PoC | v1.1 | 2009-04-03
CWE-89: SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2008-6597 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.1 | 2009-04-03
CWE-79: Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2007-6669 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.1 | 2008-01-08
CWE-79: Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
nvd
CVE-2006-3525 | P4 | HIGH | CVSS 7.5 | ≤ 1.0.0_release_candidate_6 | v1.0.0_final | 2006-07-12
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2007-6588 | P4 | MEDIUM | CVSS 4.3 | v1.10 | 2007-12-28
CWE-79: Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd