Vulnerabilities > Phpwebsite > Phpwebsite > 0.9.2.1

DATE CVE VULNERABILITY TITLE RISK
2011-12-08 CVE-2011-4265 Cross-Site Scripting vulnerability in PHPwebsite
Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
phpwebsite CWE-79
4.3
4.3
2005-05-02 CVE-2005-0565 Remote Security vulnerability in Phpwebsite
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
network
low complexity
phpwebsite
7.5
7.5
2004-12-31 CVE-2004-2322 SQL-Injection vulnerability in Phpwebsite
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
network
low complexity
phpwebsite
7.5
7.5