Vulnerabilities > Phprisk

DATE	CVE	VULNERABILITY TITLE	RISK
2009-09-02	CVE-2008-7155	Permissions, Privileges, and Access Controls vulnerability in PHPrisk Netrisk 1.9.7 NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. network low complexity phprisk CWE-264	7.5
2008-01-09	CVE-2008-0186	Cross-Site Scripting vulnerability in PHPrisk Netrisk Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. network phprisk CWE-79	4.3
2008-01-08	CVE-2008-0144	SQL Injection vulnerability in PHPrisk Netrisk 1.9.7 PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. network low complexity phprisk CWE-89	7.5

Vulnerabilities > Phprisk {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phprisk"}]}