Vulnerabilities > Arabportal > Arab Portal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-18 | CVE-2015-6519 | SQL Injection vulnerability in Arabportal Arab Portal 3.0 SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | 7.5 |
2010-06-18 | CVE-2010-2340 | SQL Injection vulnerability in Arabportal Arab Portal 2.2 SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action. | 6.8 |
2010-03-18 | CVE-2009-4725 | Path Traversal vulnerability in Arabportal Arab Portal Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2009-12-04 | CVE-2009-4203 | SQL Injection vulnerability in Arabportal Arab Portal 2.2 Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. | 7.5 |
2009-08-17 | CVE-2009-2781 | SQL Injection vulnerability in Arabportal Arab Portal 2.0.1/2.1/2.2 SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | 6.0 |
2008-12-31 | CVE-2008-5787 | Path Traversal vulnerability in Arabportal Arab Portal 2.1 Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. | 5.4 |