Availscript : Security Vulnerabilities, CVEs, CVSS score >= 4

CVE-2008-7021

Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
Max CVSS
6.0
EPSS Score
0.71%
Published
2009-08-21
Updated
2017-09-29

CVE-2008-6900

Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.
Max CVSS
6.5
EPSS Score
0.71%
Published
2009-08-06
Updated
2017-09-29

CVE-2008-6037

SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-02-03
Updated
2017-09-29

CVE-2008-4375

SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-10-01
Updated
2017-09-29

CVE-2008-4373

SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-10-01
Updated
2017-09-29

CVE-2008-4372

Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-10-01
Updated
2017-09-29

CVE-2008-4371

SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2008-10-01
Updated
2017-09-29

CVE-2008-4370

Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-10-01
Updated
2017-09-29

CVE-2008-4369

SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2008-10-01
Updated
2017-09-29
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close