Peterselie : Security Vulnerabilities, CVEs, CVSS score >= 6
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.
Max CVSS
6.5
EPSS Score
0.31%
Published
2009-04-29
Updated
2017-09-29
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.
Max CVSS
7.5
EPSS Score
0.54%
Published
2009-04-29
Updated
2017-09-29
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Max CVSS
6.0
EPSS Score
0.51%
Published
2009-04-29
Updated
2017-09-29
3 vulnerabilities found