Azzcoder

#9609of 53,608
28.7Total CVSS
Vulnerabilities · 5
Low
1
Medium
2
High
2
PT-2008-4801
2.6
2008-07-31
Xrms · Xrms Crm · CVE-2008-3398
**Name of the Vulnerable Software and Affected Versions** XRMS CRM version 1.99.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `msg` parameter to unspecified components, possibly including "login.php". **Recommendations** For XRMS CRM version 1.99.2, consider restricting access to the `msg` parameter in affected components to minimize the risk of exploitation. Avoid using the `msg` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2008-4802
6.8
2008-07-31
Xrms · Xrms Crm · CVE-2008-3399
**Name of the Vulnerable Software and Affected Versions** XRMS CRM version 1.99.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `include directory` parameter in activities/workflow-activities.php when register globals is enabled. **Recommendations** For XRMS CRM version 1.99.2, consider disabling the register globals setting to prevent exploitation, and restrict access to the `include directory` parameter in the affected file until a patch is available.
PT-2008-4803
4.3
2008-07-31
Xrms · Xrms Crm · CVE-2008-3400
**Name of the Vulnerable Software and Affected Versions** XRMS CRM version 1.99.2 **Description** The issue allows remote attackers to obtain configuration information by making a direct request to "tests/info.php", which calls the `phpinfo` function. **Recommendations** For XRMS CRM version 1.99.2, consider restricting access to the "tests/info.php" file to prevent unauthorized disclosure of configuration information. As a temporary workaround, removing or disabling the `phpinfo` function call in "tests/info.php" can help minimize the risk of exploitation.
PT-2006-5711
7.5
2006-09-25
Phpbb · Pnphpbb · CVE-2006-4968
**Name of the Vulnerable Software and Affected Versions** PNphpBB version 1.2g **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/functions admin.php file. **Recommendations** For PNphpBB version 1.2g, consider restricting access to the `phpbb root path` parameter to minimize the risk of exploitation. Avoid using the `phpbb root path` parameter in the affected includes/functions admin.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5555
7.5
2006-09-14
Phpbb · Phpbb Xs · CVE-2006-4780
**Name of the Vulnerable Software and Affected Versions** phpBB XS versions 0.58 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/functions.php file. **Recommendations** For phpBB XS versions 0.58 and earlier, consider restricting access to the `phpbb root path` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.