Vulnerabilities > Phpwebthings > Phpwebthings > 0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-22 | CVE-2009-2147 | SQL Injection vulnerability in PHPwebthings SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-16 | CVE-2009-2081 | Path Traversal vulnerability in PHPwebthings Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |