Azdgdating
by Azerbaijan Development Group
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3792 | 0.03 | — | 0.05 | Jul 15, 2007 | Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. | |||
| CVE-2005-2951 | 0.03 | — | 0.03 | Sep 16, 2005 | Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an… | |||
| CVE-2005-1081 | 0.03 | — | 0.02 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2005-1082 | 0.03 | — | 0.01 | Apr 9, 2005 | Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. | |||
| CVE-2004-1911 | 0.03 | — | 0.02 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. |
- CVE-2007-3792Jul 15, 2007risk 0.03cvss —epss 0.05
Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
- CVE-2005-2951Sep 16, 2005risk 0.03cvss —epss 0.03
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an…
- CVE-2005-1081May 2, 2005risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2005-1082Apr 9, 2005risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php.
- CVE-2004-1911Dec 31, 2004risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.