SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
Max CVSS
6.8
EPSS Score
0.06%
Published
2009-08-20
Updated
2017-09-19
SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.
Max CVSS
7.5
EPSS Score
7.87%
Published
2006-06-06
Updated
2018-10-18
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
Max CVSS
7.5
EPSS Score
0.64%
Published
2006-05-10
Updated
2018-10-18
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
Max CVSS
5.0
EPSS Score
0.95%
Published
2006-05-10
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
Max CVSS
4.3
EPSS Score
0.55%
Published
2006-04-11
Updated
2018-10-18
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
Max CVSS
5.0
EPSS Score
0.68%
Published
2006-03-28
Updated
2018-10-18
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!