Vulnerabilities > Wiclear
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-26 | CVE-2007-1097 | Improper Input Validation vulnerability in Wiclear Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. | 10.0 |
2006-10-25 | CVE-2006-5506 | Code Injection vulnerability in Wiclear 0.10 Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/. | 7.5 |