Projectpier
by Projectpier
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-10036 | | Cri | 0.70 | — | 0.02 | | Aug 8, 2025 | Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a… |
| CVE-2018-10759 | | Cri | 0.64 | 9.8 | 0.02 | | May 16, 2018 | PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. |
| CVE-2018-10760 | | Hig | 0.57 | 8.8 | 0.01 | | May 16, 2018 | Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory… |
| CVE-2013-3637 | | Med | 0.35 | 5.4 | 0.01 | | Feb 7, 2020 | ProjectPier 0.8.8 does not use the Secure flag for cookies |
| CVE-2013-3636 | | Med | 0.35 | 5.4 | 0.01 | | Feb 7, 2020 | ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag |
| CVE-2013-3635 | | Med | 0.35 | 5.4 | 0.01 | | Feb 7, 2020 | ProjectPier 0.8.8 has stored XSS |
| CVE-2008-5584 | | | 0.03 | — | 0.03 | | Dec 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php. |
| CVE-2011-3797 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. |
| CVE-2008-5583 | | | 0.00 | — | 0.01 | | Dec 15, 2008 | Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action. |