Basic PHP Events Lister
by Mevin
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-3168 | Hig | 0.47 | 7.2 | 0.01 | Sep 11, 2009 | Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. | |
| CVE-2008-6464 | 0.03 | — | 0.00 | Mar 13, 2009 | SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
- risk 0.47cvss 7.2epss 0.01
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.
- CVE-2008-6464Mar 13, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.