Vulnerabilities > Avatic > Aardvark Topsites PHP > 5.0.3

DATE CVE VULNERABILITY TITLE RISK
2009-07-02 CVE-2009-2304 Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
network
low complexity
avatic CWE-20
5.0
5.0
2009-07-02 CVE-2009-2303 Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
network
low complexity
avatic CWE-20
5.0
5.0
2009-07-02 CVE-2009-2302 Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
network
avatic CWE-79
4.3
4.3