Ekinboard
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-7157 | 0.03 | — | 0.03 | Sep 2, 2009 | Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | ||
| CVE-2008-7156 | 0.03 | — | 0.01 | Sep 2, 2009 | EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | ||
| CVE-2005-3638 | 0.03 | — | 0.01 | Nov 16, 2005 | Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts. | ||
| CVE-2006-1130 | 0.00 | — | 0.01 | Mar 10, 2006 | Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | ||
| CVE-2006-1129 | 0.00 | — | 0.04 | Mar 10, 2006 | SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. |
- CVE-2008-7157Sep 2, 2009risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
- CVE-2008-7156Sep 2, 2009risk 0.03cvss —epss 0.01
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
- CVE-2005-3638Nov 16, 2005risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
- CVE-2006-1130Mar 10, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
- CVE-2006-1129Mar 10, 2006risk 0.00cvss —epss 0.04
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.