Black-Cod3

#11245of 53,619
24.4Total CVSS
Vulnerabilities · 4
Low
1
Medium
1
High
2
PT-2006-3753
7.5
2006-06-06
Sap · Saphplesson · CVE-2006-2835
**Name of the Vulnerable Software and Affected Versions** saphplesson version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `forumid` parameter in "add.php" and the `lessid` parameter in "show.php". **Recommendations** For version 2.0, consider restricting access to the `add.php` and `show.php` scripts until a patch is available. As a temporary workaround, avoid using the `forumid` and `lessid` parameters in the affected API endpoints.
PT-2006-3727
6.8
2006-06-05
A Blog · A-Blog · CVE-2006-2809
**Name of the Vulnerable Software and Affected Versions** ar-blog version 5.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `count` parameter, and possibly the `next`, `Year the news`, and `mo` parameters in the index.php file. **Recommendations** For ar-blog version 5.2, consider restricting access to the index.php file until a patch is available, and avoid using the `count`, `next`, `Year the news`, and `mo` parameters in the meantime.
PT-2006-3648
2.6
2006-06-01
Unknown · Photoalbum B&W · CVE-2006-2728
**Name of the Vulnerable Software and Affected Versions** Photoalbum B&W version 1.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `pic` parameter in the `index.php` file of the superalbum component. **Recommendations** For version 1.3, avoid using the `pic` parameter in the `/index.php` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `index.php` file in the superalbum component to minimize the risk of exploitation.
PT-2006-3614
7.5
2006-05-31
Ezupload · Ezupload Pro · CVE-2006-2694
**Name of the Vulnerable Software and Affected Versions** EzUpload Pro version 2.10 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter to API endpoints such as "form.php", "customize.php", and "initialize.php". **Recommendations** For EzUpload Pro version 2.10, consider restricting access to the vulnerable API endpoints "form.php", "customize.php", and "initialize.php" to minimize the risk of exploitation. Avoid using the `path` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.