Vulnerabilities > Iscripts > Autohoster

DATE CVE VULNERABILITY TITLE RISK
2013-12-20 CVE-2013-7190 Path Traversal vulnerability in Iscripts Autohoster 2.4
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
network
low complexity
iscripts CWE-22
5.0
5.0
2013-12-20 CVE-2013-7189 SQL Injection vulnerability in Iscripts Autohoster 2.4
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
network
low complexity
iscripts CWE-89
7.5
7.5