W-Agora: >> W-Agora >> 4.1.5 Security Vulnerabilities
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
CVSS Score
7.5
EPSS Score
0.029
Published
2011-10-05
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
CVSS Score
4.3
EPSS Score
0.023
Published
2011-10-05
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-12-31
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.
CVSS Score
4.3
EPSS Score
0.007
Published
2002-12-31