VYPR

Weekly Drawing Contest

by Weekly Drawing Contest

CVEs (3)

  • CVE-2007-1601Mar 22, 2007
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any…

  • CVE-2007-1603Mar 22, 2007
    risk 0.00cvss epss 0.01

    admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request.

  • CVE-2007-1602Mar 22, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter.