PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Max CVSS
10.0
EPSS Score
0.54%
Published
2008-12-05
Updated
2017-09-29
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2008-12-05
Updated
2017-09-29
Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
Max CVSS
5.0
EPSS Score
1.67%
Published
2007-01-17
Updated
2017-10-19
3 vulnerabilities found