Vulnerabilities > PHP Update

DATE CVE VULNERABILITY TITLE RISK

2006-12-31 CVE-2006-6880 SQL Injection vulnerability in PHP-Update
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
Risk: 7.5 (network, low complexity)
php-update CWE-89

2006-12-31 CVE-2006-6879 Unspecified vulnerability in PHP-Update
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
Risk: 6.0 (network)
php-update

2006-12-31 CVE-2006-6878 Unspecified vulnerability in PHP-Update
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
Risk: 7.5 (network, low complexity)
php-update

2006-12-20 CVE-2006-6661 Remote Security vulnerability in Php-Update
Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.
Risk: 7.5 (network, low complexity)
php-update