Vulnerabilities > Phptoys
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-01 | CVE-2007-5787 | Permissions, Privileges, and Access Controls vulnerability in PHPtoys Micro Login System 1.0 Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | 5.0 |
2006-07-25 | CVE-2006-3852 | HTML Injection vulnerability in Micro Guestbook Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. network phptoys | 4.3 |