Rens Rikkerink : Security vulnerabilities, CVEs

Copy

CVE-2009-1489

includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

Max CVSS

7.5

EPSS Score

1.10%

Published

2009-04-29

Updated

2017-09-29

CVE-2009-1488

Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.

Max CVSS

6.8

EPSS Score

1.59%

Published

2009-04-29

Updated

2017-09-29

CVE-2009-1487

SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.

Max CVSS

7.5

EPSS Score

0.27%

Published

2009-04-29

Updated

2017-09-29

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!