Vulnerabilities > Eschew NET > Phpbannerexchange > 2.0.update.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-19 | CVE-2006-3013 | SQL Injection vulnerability in phpBannerExchange Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. | 5.1 |
2006-06-19 | CVE-2006-3012 | SQL Injection vulnerability in phpBannerExchange SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | 7.5 |
2006-03-14 | CVE-2006-1201 | Directory Traversal vulnerability in Eschew.Net PHPBannerExchange Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. | 5.0 |