Kwsphp
by Kwsphp
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6201 | 0.04 | — | 0.09 | Feb 20, 2009 | Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-1759 | 0.03 | — | 0.01 | Apr 12, 2008 | SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. | ||
| CVE-2008-1757 | 0.03 | — | 0.00 | Apr 12, 2008 | Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. | ||
| CVE-2008-1758 | 0.03 | — | 0.01 | Apr 12, 2008 | SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. | ||
| CVE-2007-5485 | 0.03 | — | 0.00 | Oct 16, 2007 | SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter. | ||
| CVE-2007-4979 | 0.03 | — | 0.01 | Sep 19, 2007 | SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2. | ||
| CVE-2007-4956 | 0.03 | — | 0.02 | Sep 18, 2007 | Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module. | ||
| CVE-2007-4922 | 0.03 | — | 0.01 | Sep 17, 2007 | SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information. |
- CVE-2008-6201Feb 20, 2009risk 0.04cvss —epss 0.09
Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-1759Apr 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
- CVE-2008-1757Apr 12, 2008risk 0.03cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
- CVE-2008-1758Apr 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
- CVE-2007-5485Oct 16, 2007risk 0.03cvss —epss 0.00
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
- CVE-2007-4979Sep 19, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.
- CVE-2007-4956Sep 18, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
- CVE-2007-4922Sep 17, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.