Vulnerabilities > Apphp

DATE CVE VULNERABILITY TITLE RISK
2015-06-22 CVE-2015-4713 SQL Injection vulnerability in Apphp Hotel Site
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
network
low complexity
apphp CWE-89
6.5
2011-10-07 CVE-2010-4881 Cross-Site Request Forgery (CSRF) vulnerability in Apphp Calendar
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
network
apphp CWE-352
6.8
2011-10-07 CVE-2010-4880 Cross-Site Scripting vulnerability in Apphp Calendar
Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
network
apphp CWE-79
4.3
2010-09-22 CVE-2010-3481 SQL Injection vulnerability in Apphp PHP Microcms 1.0.1
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php.
network
apphp CWE-89
6.8
2010-09-22 CVE-2010-3480 Path Traversal vulnerability in Apphp PHP Microcms 1.0.1
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
network
apphp CWE-22
6.8