Xtreme Scripts : Security Vulnerabilities, CVEs, CVSS score >= 5
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.
Max CVSS
7.5
EPSS Score
13.70%
Published
2006-06-12
Updated
2018-10-18
Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
Max CVSS
5.1
EPSS Score
0.18%
Published
2006-05-23
Updated
2011-03-08
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
Max CVSS
5.1
EPSS Score
1.29%
Published
2006-05-23
Updated
2018-10-18
3 vulnerabilities found