Filtered by vendor Pligg
Subscribe
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2435 | 1 Pligg | 1 Pligg Cms | 2012-05-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks. | |||||
| CVE-2011-3794 | 1 Pligg | 1 Pligg Cms | 2012-05-21 | 5.0 MEDIUM | N/A |
| Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files. | |||||
| CVE-2011-3986 | 1 Pligg | 1 Pligg Cms | 2011-11-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2577 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. | |||||
| CVE-2010-3013 | 1 Pligg | 1 Pligg Cms | 2010-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. | |||||
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2010-06-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | |||||
| CVE-2009-4788 | 1 Pligg | 1 Pligg Cms | 2010-06-03 | 4.3 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. | |||||
| CVE-2009-4786 | 1 Pligg | 1 Pligg Cms | 2010-04-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. | |||||