Vulnerabilities > China ON Site

DATE CVE VULNERABILITY TITLE RISK
2009-04-28 CVE-2008-6761 Code Injection vulnerability in China-On-Site Flexcustomer0.0.6
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field).
network
low complexity
china-on-site CWE-94
critical
 10.0
10
2009-04-24 CVE-2008-6750 Improper Input Validation vulnerability in China-On-Site Flexphpdirectory 0.0.1
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/. 		6.8
6.8
2009-04-24 CVE-2008-6749 SQL Injection vulnerability in China-On-Site Flexphpdirectory 0.0.1
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters. 		6.8
6.8
2009-04-20 CVE-2008-6731 Improper Input Validation vulnerability in China-On-Site Flexphplink 0.0.7
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
network
china-on-site CWE-20
critical
 9.3
9.3
2009-04-20 CVE-2008-6730 SQL Injection vulnerability in China-On-Site Flexphplink 0.0.6/0.0.7
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. 		6.8
6.8
2009-02-23 CVE-2008-6241 SQL Injection vulnerability in China-On-Site Flexphpsite 0.0.1/0.0.7
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. 		6.8
6.8
2009-02-16 CVE-2008-6142 SQL Injection vulnerability in China-On-Site Flexphpic 0.0.3/0.0.4
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
network
low complexity
china-on-site CWE-89
7.5
7.5
2009-01-21 CVE-2008-5927 SQL Injection vulnerability in China-On-Site Flexphpnews 0.0.6
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php.
network
low complexity
china-on-site CWE-89
7.5
7.5
2005-05-02 CVE-2005-1237 SQL Injection vulnerability in FlexPHPNews News.PHP
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
network
low complexity
china-on-site
7.5
7.5