4homepages : Security Vulnerabilities, CVEs, Published In 2009

CVE-2009-2380

Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-07-08
Updated
2017-08-17

CVE-2009-2132

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-06-19
Updated
2009-06-25

CVE-2009-2131

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
Max CVSS
3.5
EPSS Score
0.11%
Published
2009-06-19
Updated
2017-09-29
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close