CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18291
https://notcve.org/view.php?id=CVE-2017-18291
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET user. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18288
https://notcve.org/view.php?id=CVE-2017-18288
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET game. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18287
https://notcve.org/view.php?id=CVE-2017-18287
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro POST user_search. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18290
https://notcve.org/view.php?id=CVE-2017-18290
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET sort_direction. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18289
https://notcve.org/view.php?id=CVE-2017-18289
12 Jun 2018 — An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter. Se ha descubierto un problema en PvPGN Stats 2.4.6. Existe una inyección SQL en ladder/stats.php mediante el parámetro GET type. • https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5370
https://notcve.org/view.php?id=CVE-2008-5370
08 Dec 2008 — pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. pvpgn-support-installer en pvpgn v1.8.1, permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico sobre el fichero temporal /tmp/pvpgn-support-1.0.tar.gz. • http://lists.debian.org/debian-devel/2008/08/msg00283.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2004-2705
https://notcve.org/view.php?id=CVE-2004-2705
31 Dec 2004 — Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets. • http://forums.pvpgn.org/index.php/topic%2C2655.0.html •