Vulnerabilities > Phpadsnew > Phpadsnew > 2.0.beta5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-17 | CVE-2005-3646 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | 7.5 |
| 2005-11-17 | CVE-2005-3645 | Information Exposure vulnerability in multiple products phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | 5.0 |
| 2001-10-02 | CVE-2001-1054 | Remote Arbitrary Code Execution vulnerability in PHPadsnew 2.0Beta5 PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | 7.5 |