Exophpdesk
by Exophpdesk
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6917 | 0.03 | — | 0.00 | Aug 7, 2009 | SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | ||
| CVE-2007-0676 | 0.03 | — | 0.01 | Feb 3, 2007 | SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2006-5951 | 0.03 | — | 0.03 | Nov 17, 2006 | PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | ||
| CVE-2011-3736 | 0.00 | — | 0.00 | Sep 23, 2011 | ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | ||
| CVE-2007-5991 | 0.00 | — | 0.00 | Nov 15, 2007 | SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. | ||
| CVE-2007-5990 | 0.00 | — | 0.01 | Nov 15, 2007 | Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php. |
- CVE-2008-6917Aug 7, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
- CVE-2007-0676Feb 3, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2006-5951Nov 17, 2006risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
- CVE-2011-3736Sep 23, 2011risk 0.00cvss —epss 0.00
ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files.
- CVE-2007-5991Nov 15, 2007risk 0.00cvss —epss 0.00
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
- CVE-2007-5990Nov 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php.