Myphpscripts Login Session : Security vulnerabilities, CVEs

Copy

CVE-2008-5855

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

Max CVSS

5.0

EPSS Score

0.32%

Published

2009-01-06

Updated

2017-09-29

CVE-2008-5854

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.

Max CVSS

4.3

EPSS Score

0.25%

Published

2009-01-06

Updated

2017-09-29

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!