Pvpgn: Security Vulnerabilities
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
CVSS Score
6.9
EPSS Score
0.0
Published
2008-12-08
Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-12-31