phpcredo phcdownload CVE Vulnerabilities (6)

CVEs: 6 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting phpcredo phcdownload (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2008-6597 Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 4.3 1.18% 2009-04-03 2026-06-16
CVE-2008-6596 SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 7.5 0.96% 2009-04-03 2026-06-16
CVE-2007-6670 SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. [email protected] 7.5 0.97% 2008-01-07 2026-06-16
CVE-2007-6669 Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter. [email protected] 4.3 1.50% 2008-01-07 2026-06-16
CVE-2007-6588 Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 4.3 1.02% 2007-12-28 2026-06-16
CVE-2006-3525 SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. [email protected] 7.5 1.09% 2006-07-11 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence