Exhibit Engine : Security Vulnerabilities, CVEs,
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
Max CVSS
7.5
EPSS Score
5.05%
Published
2006-10-16
Updated
2017-10-19
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
Max CVSS
7.5
EPSS Score
0.44%
Published
2005-06-02
Updated
2016-10-18
2 vulnerabilities found