Vulnerabilities: MKPortal

DATE CVE VULNERABILITY TITLE RISK
2007-12-20 CVE-2007-6467 SQL Injection vulnerability in MKPortal 1.1 RC1
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
network
low complexity
mkportal CWE-89
7.5
2007-07-17 CVE-2007-3814 SQL Injection vulnerability in MKPortal 1.1.1
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
network
low complexity
mkportal
7.5
2007-07-17 CVE-2007-3813 Remote Security vulnerability in MKPortal NoBoard Module Beta
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
network
mkportal
4.3
2007-07-10 CVE-2007-3637 SQL Injection vulnerability in MKPortal 1.1.1
SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008.
network
low complexity
mkportal CWE-89
7.5
2007-01-12 CVE-2007-0194 Information Disclosure vulnerability in MKPortal 1.1 RC1
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.
network
low complexity
mkportal
7.8
2007-01-12 CVE-2007-0192 Cross-Site Request Forgery vulnerability in MKPortal
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
network
low complexity
mkportal
7.5
2007-01-12 CVE-2007-0191 Cross-Site Scripting vulnerability in MKPortal
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
network
mkportal
6.8
2006-12-26 CVE-2006-6741 Cross-Site Request Forgery (CSRF) vulnerability in MKPortal 1.1
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.
network
mkportal CWE-352
5.8
2006-10-03 CVE-2006-5139 Remote Security vulnerability in MKPortal
Unspecified vulnerability in MKPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.
network
low complexity
mkportal
5.0
2006-09-09 CVE-2006-4665 Cross-Site Scripting vulnerability in MKPortal 1.1 RC1
Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable.
network
mkportal
4.3