NotCVE - vendor:"W-agora" product:"W-agora" version:"4.0"

4 results (0.002 seconds)

CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 2

CVE-2010-4867 – W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-4867

05 Oct 2011 — Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. Vulnerabilidad de salto de directorio en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a través de .. (punto punto) en el parámetro bn. • https://www.exploit-db.com/exploits/34905 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 2%CPEs: 16EXPL: 3

CVE-2010-4868 – W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-4868

05 Oct 2011 — Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro bn. • https://www.exploit-db.com/exploits/34906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 10

CVE-2008-1466 – W-Agora 4.0 - 'add_user.php?bn_dir_default' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2008-1466

24 Mar 2008 — Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inclusi... • https://www.exploit-db.com/exploits/31449 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-6647 – w-Agora 4.2.1 - 'cat' SQL Injection

https://notcve.org/view.php?id=CVE-2007-6647

04 Jan 2008 — SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en index.php de w-Agora 4.2.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/4817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •