| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-1607 | 5.0 |
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1606 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, o
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1604 | 7.5 |
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using br
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1605 | 5.0 |
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 |