Vulnerabilities > Phpwebsite > Phpwebsite > 0.9.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-12-08 | CVE-2011-4265 | Cross-Site Scripting vulnerability in PHPwebsite Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2005-05-02 | CVE-2005-0565 | Remote Security vulnerability in Phpwebsite The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension. | 7.5 |
2004-12-31 | CVE-2004-2322 | SQL-Injection vulnerability in Phpwebsite SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. | 7.5 |