Vulnerabilities > Phpstore
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-11 | CVE-2008-6931 | Permissions, Privileges, and Access Controls vulnerability in PHPstore PHPcareers Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | 6.5 |
2009-08-11 | CVE-2008-6930 | Permissions, Privileges, and Access Controls vulnerability in PHPstore Real Estate Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | 6.5 |
2009-08-11 | CVE-2008-6929 | Permissions, Privileges, and Access Controls vulnerability in PHPstore Auto Classifieds Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | 6.5 |
2009-08-11 | CVE-2008-6928 | Permissions, Privileges, and Access Controls vulnerability in PHPstore Complete Classifieds Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | 6.5 |
2008-12-12 | CVE-2008-5493 | SQL Injection vulnerability in PHPstore Wholesale and Wholesales SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-12-12 | CVE-2008-5490 | SQL Injection vulnerability in PHPstore Yahoo Answers SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |