Vulnerabilities > Lifetype > Lifetype > 1.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-06 | CVE-2006-6112 | Remote Security vulnerability in LifeType: LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. | 5.0 |
2006-06-06 | CVE-2006-2857 | SQL Injection vulnerability in Lifetype 1.0.2/1.0.3/1.0.4: SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). | 7.5 |
2006-04-18 | CVE-2006-1809 | Information Disclosure vulnerability in Lifetype 1.0.3: index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message. | 5.0 |
2006-04-18 | CVE-2006-1808 | Cross-Site Scripting vulnerability in Lifetype 1.0.3: Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | 2.6 |