Vulnerabilities > Cannot
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-30 | CVE-2008-4334 | Permissions, Privileges, and Access Controls vulnerability in Cannot PHP Infoboard V.7 PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | 7.5 |
2008-09-30 | CVE-2008-4333 | Cross-Site Scripting vulnerability in Cannot PHP Infoboard V.7 Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action. | 4.3 |
2008-09-30 | CVE-2008-4332 | SQL Injection vulnerability in Cannot PHP Infoboard V.7 SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php. | 7.5 |