Vastal I-Tech Buddy Zone vulnerabilities
3 known vulnerabilities affecting vastal_i-tech/buddy_zone.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2007-3526P3HIGHCVSS 7.5PoC≤ 1.52007-07-03
CVE-2007-3526 [HIGH] CVE-2007-3526: Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execu
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
nvd
CVE-2007-3549P3HIGHCVSS 7.5PoCv1.52007-07-03
CVE-2007-3549 [HIGH] CVE-2007-3549: SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
nvd
CVE-2006-3494P4MEDIUMCVSS 6.8≤ 1.0.12006-07-10
CVE-2006-3494 [MEDIUM] CWE-79 CVE-2006-3494: Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to in
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_gro
nvd