Vulnerabilities > Phpcredo > Phcdownload

DATE CVE VULNERABILITY TITLE RISK
2009-04-03 CVE-2008-6597 Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.1
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter.
network
phpcredo CWE-79
4.3
2009-04-03 CVE-2008-6596 SQL Injection vulnerability in PHPcredo Phcdownload 1.1
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter.
network
low complexity
phpcredo CWE-89
7.5
2008-01-08 CVE-2007-6670 SQL Injection vulnerability in PHPcredo Phcdownload 1.1
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
network
low complexity
phpcredo CWE-89
7.5
2008-01-08 CVE-2007-6669 Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.1
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
network
phpcredo CWE-79
4.3
2007-12-28 CVE-2007-6588 Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.10
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component.
network
phpcredo CWE-79
4.3
2006-07-12 CVE-2006-3525 SQL-Injection vulnerability in PHPcredo Phcdownload 1.0.0Final
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
phpcredo
7.5