Pre Classified Listings
by Preprojects
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6888 | 0.03 | — | 0.02 | Aug 3, 2009 | Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||
| CVE-2008-6887 | 0.03 | — | 0.00 | Aug 3, 2009 | SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | ||
| CVE-2008-6231 | 0.03 | — | 0.04 | Feb 20, 2009 | Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||
| CVE-2008-6055 | 0.00 | — | 0.00 | Feb 4, 2009 | PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
- CVE-2008-6888Aug 3, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
- CVE-2008-6887Aug 3, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
- CVE-2008-6231Feb 20, 2009risk 0.03cvss —epss 0.04
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6055Feb 4, 2009risk 0.00cvss —epss 0.00
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.