MidnightBSD

Advisories for socialmpn

CVE-2005-0691 HIGH

PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
socialmpn socialmpn 1.2.5
socialmpn socialmpn 1.2.2
socialmpn socialmpn 1.2.3
socialmpn socialmpn 1.2.1
socialmpn socialmpn 1.2.4
CVE-2005-2031 HIGH

Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
socialmpn socialmpn *