Vulnerabilities > WEB Provence
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-09 | CVE-2006-4656 | Remote File Include vulnerability in Web-Provence SL_Site Spaw_control.class.PHP PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.5 |
| 2006-04-25 | CVE-2006-2015 | Input Validation vulnerability in Web-Provence SL Site 1.0 Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. | 2.6 |
| 2006-04-25 | CVE-2006-2014 | Input Validation vulnerability in Web-Provence SL Site 1.0 Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. | 5.0 |
| 2006-04-25 | CVE-2006-2013 | Input Validation vulnerability in Web-Provence SL Site 1.0 SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. | 7.5 |