Vulnerabilities > Phppgads > Phppgads > 2.0.6

DATE CVE VULNERABILITY TITLE RISK
2005-11-17 CVE-2005-3646 SQL Injection vulnerability in multiple products
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
network
low complexity
phpadsnew phppgads CWE-89
7.5
7.5
2005-11-17 CVE-2005-3645 Information Exposure vulnerability in multiple products
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
network
low complexity
phpadsnew phppgads CWE-200
5.0
5.0