Vulnerabilities > Phpprofiles
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-27 | CVE-2008-1051 | Code Injection vulnerability in PHPprofiles 4.5.2 PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | 6.8 |
2006-12-26 | CVE-2006-6744 | Local Security vulnerability in PHPprofiles 2.1.0 phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | 2.1 |
2006-12-26 | CVE-2006-6743 | Local Security vulnerability in PHPprofiles 2.1.0 phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | 4.6 |
2006-11-01 | CVE-2006-5634 | Code Injection vulnerability in PHPprofiles Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | 6.8 |