Project Alumni » Project Alumni : Security Vulnerabilities, CVEs,

CVE-2008-2118

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-05-08
Updated
2018-10-11

CVE-2008-2117

Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-05-08
Updated
2018-10-11

CVE-2007-6184

Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
Max CVSS
7.5
EPSS Score
3.65%
Published
2007-11-30
Updated
2017-09-29

CVE-2007-6127

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
Max CVSS
7.5
EPSS Score
0.22%
Published
2007-11-26
Updated
2017-09-29

CVE-2007-6126

Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-11-26
Updated
2017-09-29
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close