Vendor
Phprofession
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59797 | Med | 0.38 | 5.8 | 0.00 | Sep 22, 2025 | Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. | ||
| CVE-2004-1955 | 0.03 | — | 0.01 | Dec 31, 2004 | SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. | |||
| CVE-2004-1953 | 0.03 | — | 0.03 | Dec 31, 2004 | phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||
| CVE-2004-1954 | 0.03 | — | 0.02 | Apr 21, 2004 | Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. |
- risk 0.38cvss 5.8epss 0.00
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.
- CVE-2004-1955Dec 31, 2004risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.
- CVE-2004-1953Dec 31, 2004risk 0.03cvss —epss 0.03
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
- CVE-2004-1954Apr 21, 2004risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.