Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.8
EPSS Score
0.25%
Published
2006-12-31
Updated
2008-09-05
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
Max CVSS
7.5
EPSS Score
0.54%
Published
2006-12-31
Updated
2017-10-19
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
Max CVSS
5.0
EPSS Score
0.61%
Published
2006-12-31
Updated
2017-10-19
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
Max CVSS
6.8
EPSS Score
2.31%
Published
2006-12-31
Updated
2017-10-19
4 vulnerabilities found