Preprojects: >> Pre Classified Listings Security Vulnerabilities
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-08-03
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
CVSS Score
4.3
EPSS Score
0.01
Published
2009-08-03
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVSS Score
7.5
EPSS Score
0.029
Published
2009-02-20
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVSS Score
5.0
EPSS Score
0.002
Published
2009-02-04