Vulnerabilities > Avatic > Aardvark Topsites PHP > 5.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-02 | CVE-2009-2304 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | 5.0 |
2009-07-02 | CVE-2009-2303 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. | 5.0 |
2009-07-02 | CVE-2009-2302 | Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. | 4.3 |