Vulnerabilities > Linpha > Linpha > 0.9.4

DATE CVE VULNERABILITY TITLE RISK
2009-09-14 CVE-2008-7223 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
4.3
2009-03-31 CVE-2008-6571 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
network
linpha CWE-79
4.3
4.3
2008-04-16 CVE-2008-1856 Improper Input Validation vulnerability in Linpha
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
network
high complexity
linpha CWE-20
5.1
5.1
2006-02-15 CVE-2006-0713 Local File Inclusion and PHP Code Injection vulnerability in LinPHA
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via ..
network
low complexity
linpha
5.0
5.0
2004-07-29 CVE-2004-2066 SQL Injection vulnerability in LinPHA Session Cookie
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
network
low complexity
linpha
7.5
7.5