Vulnerabilities > Phpecho CMS

DATE CVE VULNERABILITY TITLE RISK
2009-07-09 CVE-2009-2402 SQL Injection vulnerability in PHPecho CMS PHPecho CMS 2.0Rc3
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
network
low complexity
phpecho-cms CWE-89
7.5
7.5
2009-07-09 CVE-2009-2401 Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0Rc3
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. 		4.3
4.3
2008-01-18 CVE-2008-0355 SQL Injection vulnerability in PHPecho CMS PHPecho CMS
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
network
low complexity
phpecho-cms CWE-89
7.5
7.5
2007-06-21 CVE-2007-3335 SQL-Injection vulnerability in PHPEcho CMS
Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
phpecho-cms
7.5
7.5
2007-05-25 CVE-2007-2866 SQL-Injection vulnerability in PHPEcho CMS
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters.
network
low complexity
phpecho-cms
7.5
7.5
2007-04-12 CVE-2007-1988 Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
phpecho-cms
4.3
4.3