Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phprojekt phprojekt vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-1575
Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user log...
Phprojekt Phprojekt 5.1
Phprojekt Phprojekt 5.1.1
Phprojekt Phprojekt 5.1.2
Phprojekt Phprojekt 5.2
7.5
CVSSv2
CVE-2006-5123
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x prior to 5.1.2 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix...
Phprojekt Phprojekt 5.0.2
Phprojekt Phprojekt 5.1
Phprojekt Phprojekt 5.0
Phprojekt Phprojekt 5.0.1
Phprojekt Phprojekt 5.1 Beta
Phprojekt Phprojekt
7.5
CVSSv2
CVE-2006-4204
Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote malicious users to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php.
Phprojekt Phprojekt
1 EDB exploit
7.5
CVSSv2
CVE-2004-2739
The setup routine (setup.php) in PHProjekt 4.2.1 and previous versions allows remote malicious users to modify system configuration via unknown attack vectors.
Phprojekt Phprojekt 2.1a
Phprojekt Phprojekt 2.2
Phprojekt Phprojekt 3.2
Phprojekt Phprojekt 2.0.1
Phprojekt Phprojekt 2.1
Phprojekt Phprojekt 3.1
Phprojekt Phprojekt 3.1a
Phprojekt Phprojekt 2.3
Phprojekt Phprojekt 2.4
Phprojekt Phprojekt 2.0
Phprojekt Phprojekt 2.4a
Phprojekt Phprojekt 3.0
7.5
CVSSv2
CVE-2002-1757
PHProjekt 2.0 up to and including 3.1 relies on the $PHP_SELF variable for authentication, which allows remote malicious users to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP...
Phprojekt Phprojekt 2.0
Phprojekt Phprojekt 2.0.1
Phprojekt Phprojekt 3.1
Phprojekt Phprojekt 3.1a
Phprojekt Phprojekt 2.2
Phprojekt Phprojekt 2.3
Phprojekt Phprojekt 2.4
Phprojekt Phprojekt 2.4a
Phprojekt Phprojekt 3.0
Phprojekt Phprojekt 2.1
Phprojekt Phprojekt 2.1a
1 EDB exploit
7.5
CVSSv2
CVE-2002-1760
Multiple SQL injection vulnerabilities in PHProjekt 2.0 up to and including 3.1 allow remote malicious users to execute arbitrary SQL commands via the unknown attack vectors.
Phprojekt Phprojekt 2.4
Phprojekt Phprojekt 2.4a
Phprojekt Phprojekt 2.1
Phprojekt Phprojekt 2.1a
Phprojekt Phprojekt 3.1a
Phprojekt Phprojekt 2.2
Phprojekt Phprojekt 2.3
Phprojekt Phprojekt 2.0
Phprojekt Phprojekt 2.0.1
Phprojekt Phprojekt 3.0
Phprojekt Phprojekt 3.1
7.5
CVSSv2
CVE-2002-0451
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote malicious users to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
Phpprojekt Phpprojekt 3.1a
Phpprojekt Phpprojekt 3.1
1 EDB exploit
7.5
CVSSv2
CVE-2001-0995
PHProjekt prior to 2.4a allows remote malicious users to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
Phpprojekt Phpprojekt 2.0
Phpprojekt Phpprojekt 2.0.1
Phpprojekt Phpprojekt 2.1
Phpprojekt Phpprojekt 2.3
Phpprojekt Phpprojekt
Phpprojekt Phpprojekt 2.1a
Phpprojekt Phpprojekt 2.2
6.8
CVSSv2
CVE-2008-2217
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.
Mario Valdez Content Management System 0.6.1
1 EDB exploit
6.8
CVSSv2
CVE-2007-1638
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote malicious users to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contact...
Phpprojekt Phpprojekt 5.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »