This page aggregates publicly disclosed CVE and security risk information related to annuaire, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-4601 | SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 1.26% | 2006-09-07 | 2026-04-16 |
| CVE-2006-1434 | Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). | [email protected] | 6.8 | 1.31% | 2006-04-03 | 2026-04-16 |
| CVE-2006-1433 | Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. | [email protected] | 5.0 | 2.11% | 2006-04-03 | 2026-04-16 |
| CVE-2005-1975 | Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php. | [email protected] | 4.3 | 1.30% | 2005-06-16 | 2026-04-16 |