Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.

Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. NOTE: some of these details are obtained from third party information.

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.

Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.