Vulnerabilities
Vulnerable Software
Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2011-12-08
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
CVSS Score
7.5
EPSS Score
0.013
Published
2005-05-02
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-05-02
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
CVSS Score
7.5
EPSS Score
0.015
Published
2004-12-31


Contact Us

Shodan ® - All rights reserved