Vulnerabilities > Phpwebsite
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-09-01 | CVE-2004-1654 | Input Validation vulnerability in PHPWebSite SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | 7.5 |
2003-10-20 | CVE-2003-0738 | USE of Externally-Controlled Format String vulnerability in PHPwebsite The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter. | 7.8 |
2003-10-20 | CVE-2003-0737 | Remote Security vulnerability in Phpwebsite The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. | 5.0 |
2003-10-20 | CVE-2003-0736 | Cross-Site Scripting vulnerability in Phpwebsite Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. network phpwebsite | 6.8 |
2003-10-20 | CVE-2003-0735 | SQL-Injection vulnerability in Phpwebsite SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter. | 7.5 |
2002-12-31 | CVE-2002-2178 | Cross-Site Scripting vulnerability in PHPwebsite 0.8.3 Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag. network phpwebsite | 4.3 |
2002-12-31 | CVE-2002-1807 | HTML Injection vulnerability in PHPwebsite 0.8.3 Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network phpwebsite | 4.3 |
2002-10-04 | CVE-2002-1135 | Unspecified vulnerability in PHPwebsite 0.8.2 modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code. | 7.5 |