Vulnerabilities > Powie

DATE CVE VULNERABILITY TITLE RISK
2013-01-31 CVE-2012-6524 SQL Injection vulnerability in Powie PGB 2.12/2.14
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2012-02-24 CVE-2012-1211 Cross-Site Scripting vulnerability in Powie Pfile 1.02
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
network
powie CWE-79
4.3
2012-02-24 CVE-2012-1210 SQL Injection vulnerability in Powie Pfile 1.02
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2008-11-28 CVE-2008-5269 SQL Injection vulnerability in Powie Psys 0.7.0
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
network
low complexity
powie CWE-89
7.5
2008-09-30 CVE-2008-4357 SQL Injection vulnerability in Powie Plink 2.07
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2008-09-30 CVE-2008-4355 SQL Injection vulnerability in Powie Pforum 1.30
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2008-09-30 CVE-2008-4347 SQL Injection vulnerability in Powie Pnews 2.03
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
network
low complexity
powie CWE-89
7.5
2008-07-10 CVE-2008-3131 SQL Injection vulnerability in Powie Psys 0.7.0
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.
network
powie CWE-89
6.8
2008-06-12 CVE-2008-2673 SQL Injection vulnerability in Powie Pnews 2.08/2.10
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
network
low complexity
powie CWE-89
7.5
2006-11-22 CVE-2006-6039 SQL Injection vulnerability in Powie PHP Matchmaker 4.05
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
network
low complexity
powie
7.5