Vulnerabilities > Clansys
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-15 | CVE-2006-2368 | Cross-Site Scripting vulnerability in Clansys 1.1 Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. network clansys | 5.8 |
2006-05-15 | CVE-2006-2367 | Cross-Site Scripting vulnerability in Clansys 1.0/1.1 Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. network clansys | 4.3 |
2006-04-25 | CVE-2006-2005 | Remote Code Execution vulnerability in Clansys 1.1 Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. | 7.5 |
2006-04-11 | CVE-2006-1708 | SQL Injection vulnerability in Clansys 1.1 SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | 7.5 |