Avatic : Security Vulnerabilities, CVEs, CVSS score >= 5
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
Max CVSS: 5.0
EPSS Score: 0.31%
Published: 2009-07-02
Updated: 2018-10-10
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
Max CVSS: 5.0
EPSS Score: 0.33%
Published: 2009-07-02
Updated: 2018-10-10
Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
Max CVSS: 7.5
EPSS Score: 2.37%
Published: 2007-04-03
Updated: 2018-10-16
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
Max CVSS: 6.8
EPSS Score: 2.82%
Published: 2007-02-23
Updated: 2017-10-11
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
Max CVSS: 6.4
EPSS Score: 3.84%
Published: 2006-05-03
Updated: 2017-10-19
5 vulnerabilities found