CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4879
https://notcve.org/view.php?id=CVE-2006-4879
SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. Vulnerabilidad de inyección SQL en profile.php en David Bennett PHP-Post (PHPp) 1.0 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección vía el parámetro user. • http://secunia.com/advisories/22014 http://securityreason.com/securityalert/1607 http://www.securityfocus.com/archive/1/446318/100/0/threaded http://www.securityfocus.com/bid/20061 http://www.vupen.com/english/advisories/2006/3688 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4881 – PHP-post Web Forum 0.x.1.0 - 'pm.php?replyuser' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4881
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en David Bennett PHP-Post (PHPp) 1.0 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección vía (1) el parámetro replyuser en (a) pm.php; (2) el parámetro txt_jumpto en (b) dropdown.php; los parámetros (3) txt_error y (4) txt_templatenotexist en (c) template.php; (5) el parámetro split en ciertos ficheros, como ha sido demostrado en (d) editprofile.php, (e) search.php, (f) index.php, y (g) pm.php; (6) y el parámetro txt_login en (h) loginline.php; además permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección vía (7) el parámetro txt_logout en (i) loginline.php. • https://www.exploit-db.com/exploits/28592 http://secunia.com/advisories/22014 http://securityreason.com/securityalert/1607 http://www.osvdb.org/28968 http://www.osvdb.org/28969 http://www.osvdb.org/28970 http://www.osvdb.org/28971 http://www.osvdb.org/28972 http://www.securityfocus.com/archive/1/446318/100/0/threaded http://www.securityfocus.com/bid/20061 http://www.vupen.com/english/advisories/2006/3688 https://exchange.xforce.ibmcloud.com/vulnerabilities/29017 •
CVSS: 5.0EPSS: 14%CPEs: 1EXPL: 1CVE-2006-4877 – PHP-post Web Forum 0.x.1.0 - 'profile.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-4877
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. Vulnerabilidad de sobreescritura de variable en David Bennett PHP-Post (PHPp) 1.0 y anteriores permite a atacantes remotos sobreescribir variables de programa de su elección vía múltiples vectores que usan la función extract, como ha sido demostrado por el parámetro table_prefix en (1) index.php, (2) profile.php y (3) header.php. • https://www.exploit-db.com/exploits/28591 http://secunia.com/advisories/22014 http://securityreason.com/securityalert/1607 http://www.osvdb.org/28965 http://www.osvdb.org/28966 http://www.osvdb.org/28967 http://www.securityfocus.com/archive/1/446318/100/0/threaded http://www.securityfocus.com/bid/20061 http://www.vupen.com/english/advisories/2006/3688 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4880
https://notcve.org/view.php?id=CVE-2006-4880
David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. David Bennett PHP-Post (PHPp) 1.0 y anteriores permite a atacantes remotos obtener información sensible vía una petición directa a (1) footer.php, (2) template.php o (3) lastvisit.php, lo cual revela la ruta de instalación en varios mensajes de error. • http://secunia.com/advisories/22014 http://securityreason.com/securityalert/1607 http://www.osvdb.org/28973 http://www.securityfocus.com/archive/1/446318/100/0/threaded http://www.securityfocus.com/bid/20061 http://www.vupen.com/english/advisories/2006/3688 •
CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 1CVE-2006-4878
https://notcve.org/view.php?id=CVE-2006-4878
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file. Vulnerabilidad de atravesamiento de directorios en footer.php en David Bennett PHP-Post (PHPp) 1.0 y anteriores permite a atacantes remotos leer ficheros locales de su elección vía una secuencia .. (punto punto) en el parámetro template. • http://secunia.com/advisories/22014 http://securityreason.com/securityalert/1607 http://www.osvdb.org/28964 http://www.securityfocus.com/archive/1/446318/100/0/threaded http://www.securityfocus.com/bid/20061 http://www.securityfocus.com/bid/20616 http://www.vupen.com/english/advisories/2006/3688 https://exchange.xforce.ibmcloud.com/vulnerabilities/29673 https://www.exploit-db.com/exploits/2593 •