Vulnerabilities > Pligg > Pligg CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-26 | CVE-2008-7089 | Cross-Site Scripting vulnerability in Pligg CMS Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors. | 4.3 |
2009-08-13 | CVE-2008-6968 | SQL Injection vulnerability in Pligg CMS 9.9.5 Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | 7.5 |
2008-12-26 | CVE-2008-5739 | SQL Injection vulnerability in Pligg CMS 9.9.5 SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. | 7.5 |
2008-08-10 | CVE-2008-3572 | Cross-Site Scripting vulnerability in Pligg CMS 9.9.5 Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter. | 4.3 |
2008-07-30 | CVE-2008-3366 | SQL Injection vulnerability in Pligg CMS 9.9.0 SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-04-14 | CVE-2008-1774 | SQL Injection vulnerability in Pligg CMS 9.9.0 SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-10-18 | CVE-2007-5579 | Credentials Management vulnerability in Pligg CMS 9.5 login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | 7.5 |