Phpwebsite : Security Vulnerabilities, CVEs, Published In 2003
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
Max CVSS
7.8
EPSS Score
0.33%
Published
2003-10-20
Updated
2016-10-18
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
Max CVSS
5.0
EPSS Score
0.41%
Published
2003-10-20
Updated
2016-10-18
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
Max CVSS
6.8
EPSS Score
0.70%
Published
2003-10-20
Updated
2016-10-18
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2003-10-20
Updated
2016-10-18
4 vulnerabilities found