Comdev: Security Vulnerabilities
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.009
Published
2006-10-20
PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
CVSS Score
7.5
EPSS Score
0.059
Published
2006-10-03
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-11-26
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.
CVSS Score
5.0
EPSS Score
0.031
Published
2005-08-10
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-08-10
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-07-05
Page 2