Aggregates CVE and security vulnerability intelligence across all scottmanktelow-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling and vendor risk sql injection; exposure may include vendor impact file overwrite and vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-5432 | Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php. | [email protected] | 7.5 | 0.71% | 2007-10-12 | 2026-04-23 |
| CVE-2007-5431 | include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code. | [email protected] | 7.8 | 0.42% | 2007-10-12 | 2026-04-23 |
| CVE-2007-5430 | Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | [email protected] | 7.5 | 2.30% | 2007-10-12 | 2026-04-23 |