Vulnerabilities > Avatic > Aardvark Topsites PHP > 4.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-02 | CVE-2009-2304 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP: index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | 5.0 |
2009-07-02 | CVE-2009-2303 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP: index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | 5.0 |
2009-07-02 | CVE-2009-2302 | Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP: Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | 4.3 |
2006-05-03 | CVE-2006-2149 | Remote File Include vulnerability in Avatic Aardvark Topsites PHP 4.2.2: PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | 6.4 |