Vulnerabilities > Comdev

DATE CVE VULNERABILITY TITLE RISK
2018-02-17 CVE-2018-6368 SQL Injection vulnerability in Comdev Jomestate PRO
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
network
low complexity
comdev CWE-89
7.5
2009-02-23 CVE-2008-6250 SQL Injection vulnerability in Comdev web Blogger 4.1
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
network
comdev CWE-89
6.8
2008-04-17 CVE-2008-1872 SQL Injection vulnerability in Comdev News Publisher 4.1.2
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter.
network
low complexity
comdev CWE-89
7.5
2007-06-06 CVE-2007-3084 Remote Security vulnerability in Comdev web Blogger 4.1
PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
network
low complexity
comdev
7.5
2007-06-06 CVE-2007-3081 Remote Security vulnerability in Comdev Ecommerce 4.1
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network
low complexity
comdev
7.5
2007-05-02 CVE-2007-2422 Unspecified vulnerability in Comdev Modules Builder 4.1
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php.
network
low complexity
comdev
7.5
2006-11-22 CVE-2006-6045 Remote Security vulnerability in Comdev ONE Admin PRO 4.1
Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.
network
comdev
6.8
2006-10-20 CVE-2006-5441 Remote Security vulnerability in Comdev web Blogger 4.1
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network
low complexity
comdev
7.5
2006-10-20 CVE-2006-5440 Remote Security vulnerability in Comdev Form Designer 4.1
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network
low complexity
comdev
7.5
2006-10-20 CVE-2006-5439 Code Injection vulnerability in Comdev Misc Tools 4.1
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network
low complexity
comdev CWE-94
7.5