Web Directory Pro
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3673 | | | 0.07 | — | 0.06 | | Aug 30, 2024 | The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. |
| CVE-2024-3552 | | | 0.07 | — | 0.67 | | Jun 13, 2024 | The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. |
| CVE-2008-4091 | | | 0.03 | — | 0.01 | | Sep 15, 2008 | SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. |
| CVE-2008-3787 | | | 0.03 | — | 0.01 | | Aug 26, 2008 | SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. |
| CVE-2024-3669 | | | 0.00 | — | 0.00 | | Jul 30, 2024 | The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
| CVE-2006-5905 | | | 0.00 | — | 0.01 | | Nov 15, 2006 | Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php. |