VYPR

Phpwebquest

by PHP Webquest

CVEs (3)

  • CVE-2008-0249Jan 12, 2008
    risk 0.03cvss epss 0.03

    PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.

  • CVE-2008-0219Jan 10, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

  • CVE-2007-4920Sep 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.