Security Vulnerabilities, CVEs, Published In December 2008 CVSS score >= 5
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-12-31
Updated
2017-09-29
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2008-12-31
Updated
2017-08-08
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-12-31
Updated
2017-08-08
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-12-31
Updated
2017-08-08
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-12-31
Updated
2017-08-08
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.15%
Published
2008-12-31
Updated
2017-08-08
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
Max CVSS
5.0
EPSS Score
1.06%
Published
2008-12-31
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
Max CVSS
6.8
EPSS Score
2.28%
Published
2008-12-31
Updated
2017-09-29
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
Max CVSS
6.8
EPSS Score
2.72%
Published
2008-12-31
Updated
2018-10-11
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
Max CVSS
10.0
EPSS Score
0.38%
Published
2008-12-31
Updated
2017-08-08
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
Max CVSS
7.5
EPSS Score
1.04%
Published
2008-12-31
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
Max CVSS
7.5
EPSS Score
2.51%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2008-12-31
Updated
2017-09-29
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
Max CVSS
5.4
EPSS Score
1.50%
Published
2008-12-31
Updated
2018-10-11
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-12-31
Updated
2017-09-29
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
Max CVSS
9.8
EPSS Score
1.69%
Published
2008-12-31
Updated
2024-02-08
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
Max CVSS
7.5
EPSS Score
1.78%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-12-31
Updated
2017-09-29
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-12-30
Updated
2017-09-29
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
Max CVSS
5.0
EPSS Score
0.73%
Published
2008-12-30
Updated
2017-09-29
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-12-30
Updated
2017-09-29