Vulnerabilities > Ekinboard > Ekinboard
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-02 | CVE-2008-7157 | Permissions, Privileges, and Access Controls vulnerability in Ekinboard Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | 6.8 |
2009-09-02 | CVE-2008-7156 | Improper Authentication vulnerability in Ekinboard EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | 6.8 |
2006-03-10 | CVE-2006-1130 | Input Validation vulnerability in Ekinboard 1.0.3 Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. network ekinboard | 4.3 |
2006-03-10 | CVE-2006-1129 | Input Validation vulnerability in Ekinboard 1.0.3 SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. | 7.5 |