Iscripts » Socialware : Security Vulnerabilities, CVEs,
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
Max CVSS
7.5
EPSS Score
0.25%
Published
2008-04-16
Updated
2017-09-29
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
Max CVSS
6.5
EPSS Score
0.30%
Published
2008-04-15
Updated
2017-09-29
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.15%
Published
2008-04-14
Updated
2017-09-29
3 vulnerabilities found