Vulnerabilities > Vlad Alexa Mancini > Phpfootball > 1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-23 | CVE-2009-0711 | Information Exposure vulnerability in Vlad Alexa Mancini PHPfootball 1.5/1.6 filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. | 5.0 |
2009-02-23 | CVE-2009-0710 | Cross-Site Scripting vulnerability in Vlad Alexa Mancini PHPfootball 1.6 Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. | 4.3 |
2009-02-23 | CVE-2009-0709 | SQL Injection vulnerability in Vlad Alexa Mancini PHPfootball 1.6 SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. | 7.5 |
2007-01-31 | CVE-2007-0638 | Information Disclosure vulnerability in Vlad Alexa Mancini PHPfootball 1.6 show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. | 5.0 |