Vulnerabilities > Quicksilver Forums
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-12 | CVE-2008-3601 | SQL Injection vulnerability in Quicksilver Forums Quicksilver Forums 1.4.1 SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action. | 7.5 |
2007-10-01 | CVE-2007-5172 | Information Exposure vulnerability in Quicksilver Forums Quicksilver Forums Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message. | 5.0 |
2007-10-01 | CVE-2007-5171 | Permissions, Privileges, and Access Controls vulnerability in Quicksilver Forums Quicksilver Forums Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | 5.0 |
2006-09-15 | CVE-2006-4824 | Remote File Include vulnerability in Quicksilver Forums Activeutil.PHP PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter. | 7.5 |
2005-12-06 | CVE-2005-4030 | SQL Injection vulnerability in Quicksilver Forums SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. | 5.1 |