Flip
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0785 | 0.09 | — | 0.79 | Feb 6, 2007 | PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | ||
| CVE-2008-3311 | 0.03 | — | 0.01 | Jul 25, 2008 | PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | ||
| CVE-2007-5063 | 0.03 | — | 0.04 | Sep 24, 2007 | Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt. | ||
| CVE-2007-5062 | 0.03 | — | 0.06 | Sep 24, 2007 | account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action. | ||
| CVE-2005-4365 | 0.03 | — | 0.01 | Dec 20, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. |
- CVE-2007-0785Feb 6, 2007risk 0.09cvss —epss 0.79
PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
- CVE-2008-3311Jul 25, 2008risk 0.03cvss —epss 0.01
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
- CVE-2007-5063Sep 24, 2007risk 0.03cvss —epss 0.04
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
- CVE-2007-5062Sep 24, 2007risk 0.03cvss —epss 0.06
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action.
- CVE-2005-4365Dec 20, 2005risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.