CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1565
https://notcve.org/view.php?id=CVE-2004-1565
31 Dec 2004 — list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 4CVE-2002-1878 – W-Agora 4.1.x - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-1878
31 Dec 2002 — PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. • https://www.exploit-db.com/exploits/21529 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-2128
https://notcve.org/view.php?id=CVE-2002-2128
31 Dec 2002 — editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2129 – W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2129
31 Dec 2002 — Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. • https://www.exploit-db.com/exploits/22109 •