Ekinboard : Security Vulnerabilities, CVEs, CVSS score >= 6
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.
Max CVSS: 6.8 | EPSS Score: 1.09% | Published: 2009-09-02 | Updated: 2017-09-29
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
Max CVSS: 6.8 | EPSS Score: 0.65% | Published: 2009-09-02 | Updated: 2017-09-29
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
Max CVSS: 7.5 | EPSS Score: 1.90% | Published: 2006-03-10 | Updated: 2018-10-18
3 vulnerabilities found