Saudi

#10016of 53,619
27.5Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2006-5586
7.5
2006-09-15
Photopost · Photopost · CVE-2006-4828
**Name of the Vulnerable Software and Affected Versions** PhotoPost versions 4.0 through 4.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PP PATH` parameter in the zipndownload.php file. This enables attackers to potentially gain control over the affected system. **Recommendations** For PhotoPost versions 4.0 through 4.6, consider restricting access to the zipndownload.php file until a patch is available. As a temporary workaround, avoid using the `PP PATH` parameter in the affected file to minimize the risk of exploitation.
PT-2006-4813
7.5
2006-08-01
Mamboxchange · Mamboxchange Moskool · CVE-2006-3967
**Name of the Vulnerable Software and Affected Versions** MamboXChange Moskool version 1.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the component/option,com moskool/Itemid,34/admin.moskool.php file. **Recommendations** For MamboXChange Moskool version 1.5, consider restricting access to the `admin.moskool.php` file to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in the affected URL until the issue is resolved.
PT-2006-4412
7.5
2006-07-12
Randshop · Randshop · CVE-2006-3537
**Name of the Vulnerable Software and Affected Versions** Randshop versions prior to 1.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `dateiPfad` parameter in the index.php file. This is a different vector than previously identified issues. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dateiPfad` parameter in the index.php file to minimize the risk of exploitation.
PT-2006-2011
5.0
2006-03-03
Tony Baird · Tony Baird Fantastic News · CVE-2006-0972
**Name of the Vulnerable Software and Affected Versions** Tony Baird Fantastic News version 2.1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the news.php file. **Recommendations** For version 2.1.1, update the news.php file to properly sanitize the `page` parameter to prevent SQL injection attacks.