Vulnerabilities > Connectix > Connectix Boards > 0.4.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-03 | CVE-2007-1255 | SQL-Injection vulnerability in Connectix Boards Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. network connectix | 6.0 |
2007-03-03 | CVE-2007-1254 | SQL-Injection vulnerability in Connectix Boards SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. | 6.5 |