China-on-site » Flexphpdirectory : Security Vulnerabilities, CVEs,
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
Max CVSS
6.8
EPSS Score
1.55%
Published
2009-04-24
Updated
2017-09-29
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
Max CVSS
6.8
EPSS Score
0.14%
Published
2009-04-24
Updated
2017-09-29
2 vulnerabilities found