4homepages : Security Vulnerabilities, CVEs, CVSS score >= 6
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2012-02-08
Updated
2017-08-29
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-06-19
Updated
2009-06-25
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
Max CVSS
7.5
EPSS Score
5.09%
Published
2006-10-11
Updated
2018-10-17
3 vulnerabilities found