MidnightBSD

Advisories for all_enthusiast_inc

CVE-2004-2175 HIGH

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
all_enthusiast_inc reviewpost_php_pro 2.5
all_enthusiast_inc reviewpost_php_pro 2.5.1
CVE-2006-4864 HIGH

PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
all_enthusiast_inc reviewpost_php_pro 2.5