Vulnerabilities > Cannot

DATE CVE VULNERABILITY TITLE RISK
2008-09-30 CVE-2008-4334 Permissions, Privileges, and Access Controls vulnerability in Cannot PHP Infoboard V.7
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
network
low complexity
cannot CWE-264
7.5
2008-09-30 CVE-2008-4333 Cross-Site Scripting vulnerability in Cannot PHP Infoboard V.7
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
network
cannot CWE-79
4.3
2008-09-30 CVE-2008-4332 SQL Injection vulnerability in Cannot PHP Infoboard V.7
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
network
low complexity
cannot CWE-89
7.5