Show filters
9 Total Results
Displaying 1-9 of 9
Sort by:
Attacker Value
Unknown

CVE-2008-6761

Disclosure Date: April 28, 2009 (last updated October 04, 2023)
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
0
Attacker Value
Unknown

CVE-2008-6750

Disclosure Date: April 24, 2009 (last updated October 04, 2023)
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
0
Attacker Value
Unknown

CVE-2008-6749

Disclosure Date: April 24, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
0
Attacker Value
Unknown

CVE-2008-6730

Disclosure Date: April 20, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
0
Attacker Value
Unknown

CVE-2008-6731

Disclosure Date: April 20, 2009 (last updated October 04, 2023)
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
0
Attacker Value
Unknown

CVE-2008-6241

Disclosure Date: February 23, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
0
Attacker Value
Unknown

CVE-2008-6142

Disclosure Date: February 16, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
0
Attacker Value
Unknown

CVE-2008-5927

Disclosure Date: January 21, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
0
Attacker Value
Unknown

CVE-2005-1237

Disclosure Date: May 02, 2005 (last updated February 22, 2025)
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
0