Article Directory
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15960 | Cri | 0.67 | 9.8 | 0.02 | Oct 29, 2017 | Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | ||
| CVE-2009-2397 | 0.03 | — | 0.03 | Jul 9, 2009 | Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||
| CVE-2009-2236 | 0.03 | — | 0.01 | Jun 27, 2009 | SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-4007 | 0.03 | — | 0.03 | Jul 26, 2007 | PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||
| CVE-2023-30751 | 0.00 | — | 0.00 | Aug 14, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions. | |||
| CVE-2023-0422 | 0.00 | — | 0.00 | Apr 10, 2023 | The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. |
- risk 0.67cvss 9.8epss 0.02
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
- CVE-2009-2397Jul 9, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
- CVE-2009-2236Jun 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
- CVE-2007-4007Jul 26, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2023-30751Aug 14, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.
- CVE-2023-0422Apr 10, 2023risk 0.00cvss —epss 0.00
The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.