D3Vil-0X1

#16272of 53,632
16.5Total CVSS
Vulnerabilities · 3
Medium
3
PT-2006-3244
5.0
2006-05-09
Saphplesson · Saphplesson · CVE-2006-2278
**Name of the Vulnerable Software and Affected Versions** SaphpLesson version 3.0 **Description** The issue allows remote attackers to obtain the full path by manipulating certain parameters in specific PHP files. This can be achieved by passing a non-array value to the `hrow` parameter in `show.php` or `index.php`, the `Lsnrow` parameter in `showcat.php`, or the `rows` parameter in `index.php`. **Recommendations** For SaphpLesson version 3.0, consider initializing array variables to prevent remote attackers from obtaining the full path. As a temporary workaround, restrict access to the `show.php`, `index.php`, and `showcat.php` files to minimize the risk of exploitation. Avoid using the `hrow`, `Lsnrow`, and `rows` parameters in the affected API endpoints until the issue is resolved.
PT-2006-2942
6.4
2006-04-21
Wwwthreads · Wwwthreads Rc 3 · CVE-2006-1958
**Name of the Vulnerable Software and Affected Versions** WWWThreads RC 3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two methods: 1. the `forumreferrer` cookie to `register.php` 2. the `messages` parameter in `message list.php`. **Recommendations** For WWWThreads RC 3, update the software to prevent SQL injection attacks, specifically by validating and sanitizing user input for the `forumreferrer` cookie and the `messages` parameter. As a temporary workaround, consider restricting access to `register.php` and `message list.php` to minimize the risk of exploitation.
PT-2006-2512
5.1
2006-03-30
Arab Portal · Arab Portal · CVE-2006-1504
Name of the Vulnerable Software and Affected Versions: Arab Portal versions 2.0 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `title` parameter in API endpoints such as "online.php" and "download.php". Recommendations: For version 2.0, as a temporary workaround, consider restricting access to the `title` parameter in the affected API endpoints until a patch is available. Avoid using the `title` parameter in "online.php" and "download.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.