Vulnerabilities > Phpclanwebsite > Phpclanwebsite > 1.23.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-08 | CVE-2008-5879 | Cross-Site Scripting vulnerability in PHPclanwebsite Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | 4.3 |
2009-01-08 | CVE-2008-5878 | Path Traversal vulnerability in PHPclanwebsite Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. | 5.1 |
2009-01-08 | CVE-2008-5877 | SQL Injection vulnerability in PHPclanwebsite Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444. | 6.8 |