Vulnerabilities > Widget Press > Widget Property
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4017 | property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | 5.0 |
| 2005-12-05 | CVE-2005-4016 | SQL Injection vulnerability in Widget Press Widget Property 1.1.19 SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | 7.5 |