VYPR

Phpstatus

by Hinton Design

CVEs (3)

  • CVE-2006-0571Feb 7, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

  • CVE-2006-0570Feb 7, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative…

  • CVE-2006-0572Feb 7, 2006
    risk 0.00cvss epss 0.02

    phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.