Vulnerabilities > Mkportal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-13 | CVE-2006-3554 | Directory Traversal vulnerability in Mkportal 1.0.1Final Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. | 7.5 |
| 2006-04-27 | CVE-2006-2067 | Input Validation vulnerability in Mkportal 1.1 SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 7.5 |
| 2006-04-27 | CVE-2006-2066 | Cross-Site Scripting vulnerability in Mkportal 1.1Rc1 Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters. | 4.3 |