Web Hosting Directory
by Turnkeyforms
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6940 | 0.04 | — | 0.07 | Aug 12, 2009 | TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||
| CVE-2008-6941 | 0.03 | — | 0.01 | Aug 12, 2009 | SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | ||
| CVE-2008-6939 | 0.03 | — | 0.04 | Aug 12, 2009 | TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. |