VYPR
Vendor: Projectpier

Products: 2
CVEs: 10
Across products: 10
Status: Private

Recent CVEs (10)
  • CVE-2012-10036 | Critical | Aug 8, 2025
    risk 0.70 | cvss - | epss 0.02

    Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a…

  • CVE-2018-10759 | Critical | May 16, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.

  • CVE-2018-10760 | High | May 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory…

  • CVE-2013-3637 | Medium | Feb 7, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    ProjectPier 0.8.8 does not use the Secure flag for cookies

  • CVE-2013-3636 | Medium | Feb 7, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag

  • CVE-2013-3635 | Medium | Feb 7, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    ProjectPier 0.8.8 has stored XSS

  • CVE-2015-2796 | Medium | Feb 2, 2018
    risk 0.33 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.

  • CVE-2008-5584 | Dec 15, 2008
    risk 0.03 | cvss - | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.

  • CVE-2011-3797 | Sep 24, 2011
    risk 0.00 | cvss - | epss 0.01

    ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.

  • CVE-2008-5583 | Dec 15, 2008
    risk 0.00 | cvss - | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.