VYPR
Vendor

PHP Post

Products
2
CVEs
4
Across products
6
Status
Private

Products

2

Recent CVEs

4
  • CVE-2006-3772Jul 24, 2006
    risk 0.04cvss epss 0.17

    PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.

  • CVE-2005-3770Nov 23, 2005
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.

  • CVE-2005-0831May 2, 2005
    risk 0.00cvss epss 0.01

    PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.

  • CVE-2005-0832May 2, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.