listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.
Max CVSS: 7.1 | EPSS Score: 0.59% | Published: 2007-06-06 | Updated: 2017-07-29

SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.
Max CVSS: 7.5 | EPSS Score: 0.89% | Published: 2007-06-06 | Updated: 2017-10-11

Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.
Max CVSS: 6.8 | EPSS Score: 2.39% | Published: 2007-05-16 | Updated: 2017-07-29

EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
Max CVSS: 7.5 | EPSS Score: 5.10% | Published: 2007-02-06 | Updated: 2017-10-19

4 vulnerabilities found