Vulnerabilities > Comdev

DATE CVE VULNERABILITY TITLE RISK
2006-10-03 CVE-2006-5101 Code Injection vulnerability in Comdev CSV Importer 3.1/4.1
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
network
low complexity
comdev CWE-94
7.5
7.5
2005-11-26 CVE-2005-3825 SQL Injection vulnerability in Comdev Vote Caster
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
network
low complexity
comdev
7.5
7.5
2005-08-10 CVE-2005-2544 Remote File Include vulnerability in Comdev Ecommerce 3.0
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
network
low complexity
comdev
5.0
5.0
2005-08-10 CVE-2005-2543 Directory Traversal vulnerability in Comdev Ecommerce 3.0
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a ..
network
low complexity
comdev
5.0
5.0
2005-07-05 CVE-2005-2138 Cross-Site Scripting vulnerability in Comdev Ecommerce 3.0/3.1
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
network
comdev
4.3
4.3