Vulnerabilities > Kwsphp > Kwsphp > 1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-04-12 | CVE-2008-1757 | Cross-Site Scripting vulnerability in Kwsphp 1.0 Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. | 4.3 |
2007-10-16 | CVE-2007-5485 | SQL Injection vulnerability in Kwsphp 1.0 SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter. | 7.5 |
2007-09-19 | CVE-2007-4979 | SQL Injection vulnerability in Kwsphp 1.0 SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2. | 7.5 |
2007-09-18 | CVE-2007-4956 | SQL Injection vulnerability in Kwsphp 1.0 Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module. | 7.5 |