VYPR

Phpenpals

by Jevontech

CVEs (2)

  • CVE-2009-1814May 29, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.

  • CVE-2006-0074Jan 4, 2006
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.