VYPR

Phpvid

by Vastal

CVEs (6)

  • CVE-2013-5312Aug 19, 2013
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.

  • CVE-2013-5311Aug 19, 2013
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.

  • CVE-2008-4157Sep 22, 2008
    risk 0.03cvss epss 0.06

    SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.

  • CVE-2008-2335May 19, 2008
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later…

  • CVE-2007-3610Jul 6, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2015-2563Mar 20, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.