Aggregates CVE and security vulnerability intelligence across all pvpgn-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection and vendor risk path handling; exposure may include vendor impact data exposure and vendor impact file overwrite in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-18291 | An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | [email protected] | 9.8 | 0.24% | 2018-06-12 | 2024-11-21 |
| CVE-2017-18290 | An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | [email protected] | 9.8 | 0.24% | 2018-06-12 | 2024-11-21 |
| CVE-2017-18289 | An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter. | [email protected] | 9.8 | 0.24% | 2018-06-12 | 2024-11-21 |
| CVE-2017-18288 | An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. | [email protected] | 9.8 | 0.24% | 2018-06-12 | 2024-11-21 |
| CVE-2017-18287 | An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | [email protected] | 9.8 | 0.24% | 2018-06-12 | 2024-11-21 |
| CVE-2008-5370 | pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | [email protected] | 6.9 | 0.04% | 2008-12-08 | 2026-04-23 |
| CVE-2004-2705 | Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets. | [email protected] | 5.0 | 0.55% | 2004-12-31 | 2026-04-16 |