Shodan
Vulnerabilities
Vulnerable Software
Kwsphp:  >> Kwsphp  Security Vulnerabilities
CVE-2008-6201
Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.043
Published
2009-02-20
CVE-2008-6197
SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-02-20
CVE-2008-1757
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-04-12
CVE-2008-1758
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-04-12
CVE-2008-1759
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-04-12
CVE-2007-5485
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-10-16
CVE-2007-4979
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-09-19
CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVSS Score
7.5
EPSS Score
0.029
Published
2007-09-18
CVE-2007-4922
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.
CVSS Score
6.5
EPSS Score
0.003
Published
2007-09-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved