Vendor
David Degner
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2219 | 0.03 | — | 0.01 | Jun 25, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d)… | |||
| CVE-2009-2218 | 0.03 | — | 0.02 | Jun 25, 2009 | Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php;… | |||
| CVE-2009-2096 | 0.03 | — | 0.01 | Jun 17, 2009 | SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. |
- CVE-2009-2219Jun 25, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d)…
- CVE-2009-2218Jun 25, 2009risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php;…
- CVE-2009-2096Jun 17, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.