Php-Update: >> Php-Update Security Vulnerabilities
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
CVSS Score
7.5
EPSS Score
0.033
Published
2006-12-31
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
CVSS Score
6.0
EPSS Score
0.034
Published
2006-12-31
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2006-12-31
Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.
CVSS Score
7.5
EPSS Score
0.033
Published
2006-12-20