Iscripts: >> Socialware Security Vulnerabilities
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-04-16
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
CVSS Score
6.5
EPSS Score
0.006
Published
2008-04-15
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.035
Published
2008-04-14