Vulnerabilities > Devilz Clanportal > Devilz Clanportal > 1.3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-07 | CVE-2006-6339 | SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6 SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request. network devilz-clanportal | 6.8 |
2006-12-07 | CVE-2006-6338 | Unspecified vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6 Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/. | 5.0 |