Webmatic
by Valarsoft
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0839 | 0.04 | — | 0.14 | Feb 8, 2007 | Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters. | ||
| CVE-2012-3350 | 0.03 | — | 0.02 | Jul 12, 2012 | SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | ||
| CVE-2010-4808 | 0.03 | — | 0.00 | Jul 8, 2011 | SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||
| CVE-2009-4380 | 0.00 | — | 0.00 | Dec 22, 2009 | Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. | ||
| CVE-2009-4379 | 0.00 | — | 0.00 | Dec 22, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924. | ||
| CVE-2008-2924 | 0.00 | — | 0.00 | Jun 30, 2008 | Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-2925 | 0.00 | — | 0.00 | Jun 30, 2008 | SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2007-3727 | 0.00 | — | 0.01 | Jul 12, 2007 | Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | ||
| CVE-2007-3648 | 0.00 | — | 0.01 | Jul 10, 2007 | SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. |
- CVE-2007-0839Feb 8, 2007risk 0.04cvss —epss 0.14
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
- CVE-2012-3350Jul 12, 2012risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
- CVE-2010-4808Jul 8, 2011risk 0.03cvss —epss 0.00
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
- CVE-2009-4380Dec 22, 2009risk 0.00cvss —epss 0.00
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.
- CVE-2009-4379Dec 22, 2009risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924.
- CVE-2008-2924Jun 30, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-2925Jun 30, 2008risk 0.00cvss —epss 0.00
SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-3727Jul 12, 2007risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."
- CVE-2007-3648Jul 10, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.