Vulnerabilities > Exoscripts > Exophpdesk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-23 | CVE-2011-3736 | Information Exposure vulnerability in Exoscripts Exophpdesk 1.2.1 ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | 5.0 |
| 2009-08-07 | CVE-2008-6917 | SQL Injection vulnerability in Exoscripts Exophpdesk 1.2 SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | 7.5 |