Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| accomplishtechnology | phpmydirectory | 10.1.3 |
PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| accomplishtechnology | phpmydirectory | 1.2.0 |
| accomplishtechnology | phpmydirectory | 1.0.4 |
| accomplishtechnology | phpmydirectory | 1.1.3 |
| accomplishtechnology | phpmydirectory | 1.4.0 |
| accomplishtechnology | phpmydirectory | 1.3.5 |
| accomplishtechnology | phpmydirectory | 1.0.6 |
| accomplishtechnology | phpmydirectory | 1.3.2 |
| accomplishtechnology | phpmydirectory | 10.1.3 |
| accomplishtechnology | phpmydirectory | 1.0.7 |
| accomplishtechnology | phpmydirectory | 1.0.1 |
| accomplishtechnology | phpmydirectory | 1.1.6 |
| accomplishtechnology | phpmydirectory | 1.0.3 |
| accomplishtechnology | phpmydirectory | 1.1.8 |
| accomplishtechnology | phpmydirectory | 1.1.7 |
| accomplishtechnology | phpmydirectory | 1.1.9 |
| accomplishtechnology | phpmydirectory | 1.0 |
| accomplishtechnology | phpmydirectory | 1.0.9 |
| accomplishtechnology | phpmydirectory | * |
| accomplishtechnology | phpmydirectory | 1.1.2 |
| accomplishtechnology | phpmydirectory | 1.1.5 |
| accomplishtechnology | phpmydirectory | 1.2.1 |
| accomplishtechnology | phpmydirectory | 1.3.3 |
| accomplishtechnology | phpmydirectory | 1.0.5 |
| accomplishtechnology | phpmydirectory | 1.1.0 |
| accomplishtechnology | phpmydirectory | 1.0.2 |
| accomplishtechnology | phpmydirectory | 1.0.8 |
| accomplishtechnology | phpmydirectory | 1.4.1 |
| accomplishtechnology | phpmydirectory | 1.1.4 |
| accomplishtechnology | phpmydirectory | 1.3.0 |
| accomplishtechnology | phpmydirectory | 1.1.1 |
| accomplishtechnology | phpmydirectory | 1.3.4 |
| accomplishtechnology | phpmydirectory | 1.3.1 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| accomplishtechnology | phpmydirectory | 1.2.0 |
| accomplishtechnology | phpmydirectory | 1.0.4 |
| accomplishtechnology | phpmydirectory | 1.1.3 |
| accomplishtechnology | phpmydirectory | 1.4.0 |
| accomplishtechnology | phpmydirectory | 1.3.5 |
| accomplishtechnology | phpmydirectory | 1.0.6 |
| accomplishtechnology | phpmydirectory | 1.3.2 |
| accomplishtechnology | phpmydirectory | 10.1.3 |
| accomplishtechnology | phpmydirectory | 1.0.7 |
| accomplishtechnology | phpmydirectory | 1.0.1 |
| accomplishtechnology | phpmydirectory | 1.1.6 |
| accomplishtechnology | phpmydirectory | 1.0.3 |
| accomplishtechnology | phpmydirectory | 1.1.8 |
| accomplishtechnology | phpmydirectory | 1.1.7 |
| accomplishtechnology | phpmydirectory | 1.1.9 |
| accomplishtechnology | phpmydirectory | 1.0 |
| accomplishtechnology | phpmydirectory | 1.0.9 |
| accomplishtechnology | phpmydirectory | * |
| accomplishtechnology | phpmydirectory | 1.1.2 |
| accomplishtechnology | phpmydirectory | 1.1.5 |
| accomplishtechnology | phpmydirectory | 1.2.1 |
| accomplishtechnology | phpmydirectory | 1.3.3 |
| accomplishtechnology | phpmydirectory | 1.0.5 |
| accomplishtechnology | phpmydirectory | 1.1.0 |
| accomplishtechnology | phpmydirectory | 1.0.2 |
| accomplishtechnology | phpmydirectory | 10.4.4 |
| accomplishtechnology | phpmydirectory | 1.0.8 |
| accomplishtechnology | phpmydirectory | 1.4.1 |
| accomplishtechnology | phpmydirectory | 1.1.4 |
| accomplishtechnology | phpmydirectory | 1.3.0 |
| accomplishtechnology | phpmydirectory | 1.1.1 |
| accomplishtechnology | phpmydirectory | 1.3.4 |
| accomplishtechnology | phpmydirectory | 1.3.1 |