China-on-siteCVEs & Vulnerabilities

9 CVEs affecting China-on-site products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

flexphplink 3flexphpdirectory 2flexphpic 2flexphpnews 2flexphpsite 2flexcustomer0.0.6 1
CVE-2008-6761CRITICALpoc

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.

28 Apr 2009
10.0
CVSS
CVE-2008-6750MEDIUMpoc

Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.

24 Apr 2009
6.8
CVSS
CVE-2008-6749MEDIUMpoc

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.

24 Apr 2009
6.8
CVSS
CVE-2008-6731CRITICALpoc

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

20 Apr 2009
9.3
CVSS
CVE-2008-6730MEDIUMpoc

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

20 Apr 2009
6.8
CVSS
CVE-2008-6241MEDIUMpoc

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

23 Feb 2009
6.8
CVSS
CVE-2008-6142HIGHpoc

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

16 Feb 2009
7.5
CVSS
CVE-2008-5927HIGHpoc

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.

21 Jan 2009
7.5
CVSS
CVE-2005-1237HIGHpoc

SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

2 May 2005
7.5
CVSS
← PrevPage 1 / 1Next →