SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| atthat.com | thatware | * |
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| atthat.com | thatware | 0.5.2 |
| atthat.com | thatware | 0.5.3 |
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| atthat.com | thatware | * |
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| atthat.com | thatware | * |