Vulnerabilities > Yourfreeworld > Apartment Search Script
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-10 | CVE-2008-6684 | Improper Input Validation vulnerability in Yourfreeworld Apartment Search Script Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. | 6.8 |
| 2009-04-10 | CVE-2008-6683 | Cross-Site Scripting vulnerability in Yourfreeworld Apartment Search Script Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |
| 2008-04-23 | CVE-2008-1919 | SQL Injection vulnerability in Yourfreeworld Apartment Search Script SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | 7.5 |