Vulnerabilities > Comdev > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-17 | CVE-2018-6368 | SQL Injection vulnerability in Comdev Jomestate PRO SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | 7.5 |
| 2008-04-17 | CVE-2008-1872 | SQL Injection vulnerability in Comdev News Publisher 4.1.2 SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3084 | Remote Security vulnerability in Comdev web Blogger 4.1 PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. | 7.5 |
| 2007-06-06 | CVE-2007-3081 | Remote Security vulnerability in Comdev Ecommerce 4.1 PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2006-10-20 | CVE-2006-5441 | Remote Security vulnerability in Comdev web Blogger 4.1 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2006-10-20 | CVE-2006-5440 | Remote Security vulnerability in Comdev Form Designer 4.1 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2006-10-20 | CVE-2006-5439 | Code Injection vulnerability in Comdev Misc Tools 4.1 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2006-10-20 | CVE-2006-5438 | Remote Security vulnerability in Comdev Forum 4.1 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5101 | Code Injection vulnerability in Comdev CSV Importer 3.1/4.1 PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2005-11-26 | CVE-2005-3825 | SQL Injection vulnerability in Comdev Vote Caster SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | 7.5 |