cbcvebase.

Vastal Phpvid vulnerabilities

5 known vulnerabilities affecting vastal/phpvid.

Total CVEs
5
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2013-5311P3HIGHCVSS 7.5PoCv1.2.32013-08-19
CVE-2013-5311 [HIGH] CVE-2013-5311: Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execu Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
nvd
CVE-2008-4157P3HIGHCVSS 7.5PoCv1.12008-09-22
CVE-2008-4157 [HIGH] CWE-89 CVE-2008-4157: SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to exe SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
nvd
CVE-2013-5312P4MEDIUMCVSS 4.3PoCv1.2.32013-08-19
CVE-2013-5312 [MEDIUM] CWE-79 CVE-2013-5312: Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attac Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
nvd
CVE-2015-2563P3HIGHCVSS 7.5v0.9.9v1.2.32015-03-20
CVE-2015-2563 [HIGH] CVE-2015-2563: SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote atta SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
nvd
CVE-2008-2335P4MEDIUMCVSS 4.3PoCv1.1v1.22008-05-19
CVE-2008-2335 [MEDIUM] CWE-79 CVE-2008-2335: Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 a Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
nvd
Vastal Phpvid vulnerabilities | cvebase