Phpizabi
by Phpizabi
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3723 | 0.03 | — | 0.04 | Aug 20, 2008 | Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE:… | |||
| CVE-2008-3239 | 0.03 | — | 0.05 | Jul 21, 2008 | Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file… | |||
| CVE-2008-2018 | 0.03 | — | 0.02 | Apr 30, 2008 | The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by… | |||
| CVE-2008-0805 | 0.03 | — | 0.05 | Feb 19, 2008 | Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. | |||
| CVE-2008-3735 | 0.00 | — | 0.01 | Aug 20, 2008 | Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action. |
- CVE-2008-3723Aug 20, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE:…
- CVE-2008-3239Jul 21, 2008risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file…
- CVE-2008-2018Apr 30, 2008risk 0.03cvss —epss 0.02
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by…
- CVE-2008-0805Feb 19, 2008risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
- CVE-2008-3735Aug 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.