Net Portal Dynamic System : Security Vulnerabilities, CVEs, Published In 2007
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
Max CVSS
9.0
EPSS Score
0.34%
Published
2007-03-23
Updated
2018-10-16
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-03-23
Updated
2018-10-16
2 vulnerabilities found