Shodan
Vulnerabilities
Vulnerable Software
Phpwebsite:  Security Vulnerabilities
CVE-2004-2322
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
CVSS Score
7.5
EPSS Score
0.015
Published
2004-12-31
CVE-2004-1654
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.
CVSS Score
7.5
EPSS Score
0.011
Published
2004-09-01
CVE-2004-1655
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
CVSS Score
4.3
EPSS Score
0.019
Published
2004-09-01
CVE-2003-0735
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
CVSS Score
7.5
EPSS Score
0.011
Published
2003-10-20
CVE-2003-0736
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
CVSS Score
6.8
EPSS Score
0.011
Published
2003-10-20
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
CVSS Score
5.0
EPSS Score
0.004
Published
2003-10-20
CVE-2003-0738
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
CVSS Score
7.8
EPSS Score
0.006
Published
2003-10-20
CVE-2002-1807
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
CVSS Score
4.3
EPSS Score
0.004
Published
2002-12-31
CVE-2002-2178
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
CVSS Score
4.3
EPSS Score
0.005
Published
2002-12-31
CVE-2002-1135
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
CVSS Score
7.5
EPSS Score
0.051
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved