Vulnerabilities > Phpadsnew > Phpadsnew > 2.0.4.pr1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-17 | CVE-2005-3646 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | 7.5 |
| 2005-11-17 | CVE-2005-3645 | Information Exposure vulnerability in multiple products phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | 5.0 |
| 2005-03-14 | CVE-2005-0791 | Cross-Site Scripting vulnerability in PHPAdsNew AdFrame.PHP Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. network phpadsnew | 4.3 |
| 2005-03-14 | CVE-2005-0790 | Information Disclosure vulnerability in PHPadsnew 2.0.4Pr1 phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | 5.0 |