Phpslash vulnerabilities
4 known vulnerabilities affecting phpslash/phpslash.
Total CVEs
4
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-0517P2CRITICALCVSS 10.0PoC≤ 0.8.1.1v0.5.3.2+9 more2009-02-11
CVE-2009-0517 [CRITICAL] CWE-94 CVE-2009-0517: Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
nvd
CVE-2005-4479P3HIGHCVSS 7.5PoCv0.8.12005-12-22
CVE-2005-4479 [HIGH] CVE-2005-4479: SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.
nvd
CVE-2001-1334P4MEDIUMCVSS 5.0PoCv0.5.3.2v0.6.12002-05-19
CVE-2001-1334 [MEDIUM] CVE-2001-1334: Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privile
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.
nvd
CVE-2005-2257P3CRITICALCVSS 10.0v0.8.02005-07-13
CVE-2005-2257 [CRITICAL] CVE-2005-2257: The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
nvd