prozilla 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-6115 | SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. | [email protected] | 7.5 | 1.14% | 2009-02-11 | 2026-04-23 |
| CVE-2008-2083 | SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | [email protected] | 6.8 | 1.11% | 2008-05-05 | 2026-04-23 |
| CVE-2008-1864 | SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. | [email protected] | 7.5 | 1.01% | 2008-04-17 | 2026-04-23 |
| CVE-2008-1863 | SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 2.08% | 2008-04-17 | 2026-04-23 |
| CVE-2008-1789 | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | [email protected] | 6.8 | 0.91% | 2008-04-15 | 2026-04-23 |
| CVE-2008-1788 | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 0.93% | 2008-04-15 | 2026-04-23 |
| CVE-2008-1785 | delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | [email protected] | 5.5 | 1.97% | 2008-04-15 | 2026-04-23 |
| CVE-2008-1784 | Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. | [email protected] | 7.5 | 2.52% | 2008-04-15 | 2026-04-23 |
| CVE-2008-1783 | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. | [email protected] | 6.4 | 2.27% | 2008-04-15 | 2026-04-23 |
| CVE-2007-4362 | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | [email protected] | 6.8 | 1.15% | 2007-08-15 | 2026-04-23 |
| CVE-2007-4258 | SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | [email protected] | 7.5 | 0.95% | 2007-08-08 | 2026-04-23 |
| CVE-2007-3809 | Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | [email protected] | 7.5 | 1.03% | 2007-07-17 | 2026-04-23 |
| CVE-2005-2961 | Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | [email protected] | 7.5 | 8.62% | 2005-10-05 | 2026-04-16 |
| CVE-2005-0523 | Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. | [email protected] | 7.5 | 9.87% | 2005-05-02 | 2026-04-16 |
| CVE-2004-1120 | Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | [email protected] | 10.0 | 14.64% | 2005-01-10 | 2026-04-16 |