VYPR

pPIM

by Phlatline

CVEs (2)

  • CVE-2008-4428Oct 3, 2008
    risk 0.04cvss epss 0.07

    Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

  • CVE-2008-4427Oct 3, 2008
    risk 0.03cvss epss 0.03

    changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.