CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 2CVE-2007-4009 – Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4009
26 Jul 2007 — PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. Una vulnerabilidad de inclusión remota de archivos PHP en el archivo admin/business_inc/saveserver.php en SWSoft Confixx Pro versiones 2.0.12 hasta 3.3.1, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro thisdir. • https://www.exploit-db.com/exploits/4219 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3179
https://notcve.org/view.php?id=CVE-2006-3179
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en tools_ftp_pwaendern.php en Confixx Pro v.3.0 y posiblemente en versiones anteriores, permite a atacantes remotos inyectar código script web de su elección o HTML a través del parámetro account. • http://secunia.com/advisories/20728 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2006-2423 – Confixx 3.0/3.1 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2423
17 May 2006 — Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. • https://www.exploit-db.com/exploits/27884 •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 3CVE-2006-1754 – SWSoft Confixx 3.0.6/3.0.8/3.1.2 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-1754
13 Apr 2006 — SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. • https://www.exploit-db.com/exploits/27628 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-1302
https://notcve.org/view.php?id=CVE-2005-1302
26 Apr 2005 — SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. • http://marc.info/?l=bugtraq&m=111444886429814&w=2 •