Aggregates CVE and security vulnerability intelligence across all phpSlash-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to SQL injection; impact may include file overwrite, with exposure in software deployment and production workload contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-0517 | Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information. | [email protected] | 10.0 | 69.23% | 2009-02-11 | 2026-04-23 |
| CVE-2005-4479 | SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter. | [email protected] | 7.5 | 0.42% | 2005-12-22 | 2026-04-16 |
| CVE-2005-2257 | The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | [email protected] | 10.0 | 1.19% | 2005-07-13 | 2026-04-16 |
| CVE-2001-1334 | Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. | [email protected] | 5.0 | 6.96% | 2002-05-19 | 2026-04-16 |