Saudi Hackrz

#7808of 53,632
35.1Total CVSS
Vulnerabilities · 5
Medium
1
High
4
PT-2006-5713
7.5
2006-09-25
Wahm · Wahm E-Commerce Pie Cart Pro · CVE-2006-4970
**Name of the Vulnerable Software and Affected Versions** WAHM E-Commerce Pie Cart Pro (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Home Path` parameter in the enc/content.php file. **Recommendations** For WAHM E-Commerce Pie Cart Pro, consider restricting access to the `Home Path` parameter in the enc/content.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5581
7.5
2006-09-15
Reamday Enterprises · Magic News Pro · CVE-2006-4823
**Name of the Vulnerable Software and Affected Versions** Reamday Enterprises Magic News Pro versions 1.0.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `script path` parameter in the scripts/news page.php file. **Recommendations** For versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue.
PT-2006-5455
7.5
2006-09-09
Photokorn · Photokorn Gallery · CVE-2006-4670
**Name of the Vulnerable Software and Affected Versions** PhotoKorn Gallery versions 1.52 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir path` parameter in includes/cart.inc.php or extras/ext cats.php. **Recommendations** For PhotoKorn Gallery versions 1.52 and earlier, consider restricting access to the `dir path` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `dir path` parameter in the includes/cart.inc.php and extras/ext cats.php files until the issue is resolved.
PT-2006-5404
5.1
2006-09-07
Intechnic · Intechnic In-Link · CVE-2006-4618
**Name of the Vulnerable Software and Affected Versions** ADOdb versions prior to 4.01 Intechnic In-link version 2.3.4 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `ADODB DIR` parameter. **Recommendations** For ADOdb versions prior to 4.01, update to a version later than 4.01 to resolve the issue. For Intechnic In-link version 2.3.4, consider disabling the use of the `ADODB DIR` parameter until a patch is available.
PT-2006-5052
7.5
2006-08-21
Powergap · Powergap · CVE-2006-4236
**Name of the Vulnerable Software and Affected Versions** POWERGAP (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `shopid` parameter to various PHP files, including `s01.php`, `s02.php`, `s03.php`, and `s04.php`. It may also be possible to exploit this issue via a URL located after "shopid=" or "sid=" in the PATH INFO. **Recommendations** As a temporary workaround, consider restricting access to the `s01.php`, `s02.php`, `s03.php`, and `s04.php` files until a patch is available. Avoid using the `shopid` parameter in the affected API endpoints until the issue is resolved. Restrict access to URLs containing "shopid=" or "sid=" in the PATH INFO to minimize the risk of exploitation.