CVEDB API

Vulnerabilities

Vulnerable Software

Linpha: >> Linpha >> 1.2.0 Security Vulnerabilities

CVE-2008-7223

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.

CVSS Score

4.3

EPSS Score

0.004

Published

2009-09-14

CVE-2008-6571

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.

CVSS Score

4.3

EPSS Score

0.004

Published

2009-03-31

CVE-2008-1856

plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.

CVSS Score

5.1

EPSS Score

0.034

Published

2008-04-16

CVE-2008-1487

CVSS Score

4.3

EPSS Score

0.003

Published

2008-03-24

Page 1

Vulnerabilities

Vulnerable Software

Linpha: >> Linpha >> 1.2.0 Security Vulnerabilities

Products

Pricing

Contact Us