MidnightBSD

Advisories for pdfdirectory

CVE-2006-0313 HIGH

Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
pdfdirectory pdfdirectory 0.2.5
pdfdirectory pdfdirectory 0.2.8
pdfdirectory pdfdirectory 0.2.3
pdfdirectory pdfdirectory 0.2.7
pdfdirectory pdfdirectory 0.2.11
pdfdirectory pdfdirectory 0.2.6
pdfdirectory pdfdirectory 0.2.4
pdfdirectory pdfdirectory 0.2.10
pdfdirectory pdfdirectory 0.2.2
pdfdirectory pdfdirectory 0.2.9
CVE-2006-0314 HIGH

PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
pdfdirectory pdfdirectory 0.2.5
pdfdirectory pdfdirectory 0.2.8
pdfdirectory pdfdirectory 0.2.3
pdfdirectory pdfdirectory 0.2.7
pdfdirectory pdfdirectory 0.2.11
pdfdirectory pdfdirectory 0.2.6
pdfdirectory pdfdirectory 0.2.4
pdfdirectory pdfdirectory 0.2.10
pdfdirectory pdfdirectory 0.2.2
pdfdirectory pdfdirectory 0.2.9