Phpdirector
by Php Director
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0604 | 0.03 | — | 0.01 | Feb 16, 2009 | SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. | |||
| CVE-2007-3562 | 0.03 | — | 0.02 | Jul 4, 2007 | SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-3529 | 0.03 | — | 0.06 | Jul 3, 2007 | videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | |||
| CVE-2007-3530 | 0.03 | — | 0.00 | Jul 3, 2007 | PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. |
- CVE-2009-0604Feb 16, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
- CVE-2007-3562Jul 4, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-3529Jul 3, 2007risk 0.03cvss —epss 0.06
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.
- CVE-2007-3530Jul 3, 2007risk 0.03cvss —epss 0.00
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.