Vulnerabilities > Phpecho CMS > Phpecho CMS > 2.0.rc3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-09 | CVE-2009-2402 | SQL Injection vulnerability in PHPecho CMS PHPecho CMS 2.0Rc3 SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. | 7.5 |
2009-07-09 | CVE-2009-2401 | Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0Rc3 Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. | 4.3 |