Php Web Scripts
Products
5- 4 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
12| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-3192 | 0.04 | — | 0.12 | Jun 23, 2006 | PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | ||
| CVE-2010-4843 | 0.03 | — | 0.01 | Sep 27, 2011 | SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | ||
| CVE-2010-4784 | 0.03 | — | 0.02 | Apr 7, 2011 | Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||
| CVE-2010-4783 | 0.03 | — | 0.06 | Apr 7, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters. | ||
| CVE-2009-4828 | 0.03 | — | 0.00 | Apr 27, 2010 | Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information. | ||
| CVE-2009-4349 | 0.03 | — | 0.02 | Dec 17, 2009 | Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | ||
| CVE-2008-1162 | 0.03 | — | 0.01 | Mar 5, 2008 | SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter. | ||
| CVE-2007-0178 | 0.03 | — | 0.03 | Jan 11, 2007 | PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | ||
| CVE-2006-5166 | 0.03 | — | 0.02 | Oct 5, 2006 | PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | ||
| CVE-2005-4233 | 0.03 | — | 0.00 | Dec 14, 2005 | SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | ||
| CVE-2005-4230 | 0.00 | — | 0.00 | Dec 14, 2005 | SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | ||
| CVE-2005-4231 | 0.00 | — | 0.00 | Dec 14, 2005 | Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php. |
- CVE-2006-3192Jun 23, 2006risk 0.04cvss —epss 0.12
PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php.
- CVE-2010-4843Sep 27, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
- CVE-2010-4784Apr 7, 2011risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
- CVE-2010-4783Apr 7, 2011risk 0.03cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
- CVE-2009-4828Apr 27, 2010risk 0.03cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
- CVE-2009-4349Dec 17, 2009risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
- CVE-2008-1162Mar 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
- CVE-2007-0178Jan 11, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
- CVE-2006-5166Oct 5, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
- CVE-2005-4233Dec 14, 2005risk 0.03cvss —epss 0.00
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter.
- CVE-2005-4230Dec 14, 2005risk 0.00cvss —epss 0.00
SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter.
- CVE-2005-4231Dec 14, 2005risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php.