Vulnerabilities > Projectpier > Projectpier > 0.8.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-16 | CVE-2018-10760 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectpier Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | 6.5 |
2018-05-16 | CVE-2018-10759 | SQL Injection vulnerability in Projectpier PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | 7.5 |
2011-09-24 | CVE-2011-3797 | Information Exposure vulnerability in Projectpier 0.8.0.3 ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | 5.0 |