Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2007-1987 | 1 Phpecho Cms | 1 Phpecho Cms | 2018-10-16 | 7.5 HIGH | N/A |
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use. | |||||
CVE-2008-0355 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. | |||||
CVE-2009-2401 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. | |||||
CVE-2009-2402 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-18 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. | |||||
CVE-2007-2866 | 1 Phpecho Cms | 1 Phpecho Cms | 2011-03-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2008-11-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |