Vulnerabilities > Ekinboard

DATE CVE VULNERABILITY TITLE RISK
2009-09-02 CVE-2008-7157 Permissions, Privileges, and Access Controls vulnerability in Ekinboard
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
network
ekinboard CWE-264
6.8
2009-09-02 CVE-2008-7156 Improper Authentication vulnerability in Ekinboard
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
network
ekinboard CWE-287
6.8
2006-03-10 CVE-2006-1130 Input Validation vulnerability in Ekinboard 1.0.3
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
network
ekinboard
4.3
2006-03-10 CVE-2006-1129 Input Validation vulnerability in Ekinboard 1.0.3
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
network
low complexity
ekinboard
7.5