Vulnerabilities > Mkportal

DATE CVE VULNERABILITY TITLE RISK
2006-07-13 CVE-2006-3554 Directory Traversal vulnerability in Mkportal 1.0.1Final
Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.
network
low complexity
mkportal
7.5
2006-04-27 CVE-2006-2067 Input Validation vulnerability in Mkportal 1.1
SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
network
low complexity
mkportal
7.5
2006-04-27 CVE-2006-2066 Cross-Site Scripting vulnerability in Mkportal 1.1Rc1
Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.
network
mkportal CWE-79
4.3