VYPR

Labwiki

by Labwiki Project

CVEs (4)

  • CVE-2011-4334HigOct 23, 2017
    risk 0.61cvss 8.8epss 0.06

    edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

  • CVE-2011-4333MedOct 23, 2017
    risk 0.43cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

  • CVE-2006-2968Jun 12, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).

  • CVE-2006-2850Jun 6, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter.