Vulnerabilities > Chipmunk Scripts

DATE CVE VULNERABILITY TITLE RISK
2011-10-05 CVE-2010-4866 SQL Injection vulnerability in Chipmunk-Scripts Chipmunk Board 1.3
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
network
low complexity
chipmunk-scripts CWE-89
7.5
2011-04-27 CVE-2010-4799 SQL Injection vulnerability in Chipmunk-Scripts Pwngame 1.0
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php.
6.8
2009-08-25 CVE-2008-7071 SQL Injection vulnerability in Chipmunk-Scripts Chipmunk Topsites
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php.
network
low complexity
chipmunk-scripts CWE-89
7.5
2009-08-25 CVE-2008-7072 Cross-Site Scripting vulnerability in Chipmunk-Scripts Chipmunk Topsites
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
4.3
2009-03-02 CVE-2008-6368 SQL Injection vulnerability in Chipmunk Scripts Chipmunk Guestbook 1.4M
SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter.
network
low complexity
chipmunk-scripts CWE-89
7.5
2009-02-03 CVE-2009-0399 Permissions, Privileges, and Access Controls vulnerability in Chipmunk Scripts Chipmunk Blogger
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php.
network
low complexity
chipmunk-scripts CWE-264
7.5
2009-02-03 CVE-2009-0403 SQL Injection vulnerability in Chipmunk Scripts Chipmunk Blogger
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
network
low complexity
chipmunk-scripts CWE-89
7.5
2008-11-04 CVE-2008-4921 Permissions, Privileges, and Access Controls vulnerability in Chipmunk Scripts Chipmunk CMS 1.3
board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request.
network
low complexity
chipmunk-scripts CWE-264
7.5
2008-07-15 CVE-2008-3186 Cross-Site Scripting vulnerability in Chipmunk Scripts Chipmunk Blogger
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php.
4.3
2007-02-24 CVE-2006-7042 Cross-Site Scripting vulnerability in Chipmunk Directory
Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.
6.8