汇总 turnkeyforms 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 SQL 注入与跨站脚本 等问题,部分漏洞可能导致 数据泄露,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2009-4858 | Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | [email protected] | 4.3 | 0.23% | 2010-05-11 | 2026-04-29 |
| CVE-2008-6963 | admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request. | [email protected] | 7.5 | 1.66% | 2009-08-13 | 2026-04-23 |
| CVE-2008-6941 | SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | [email protected] | 7.5 | 0.50% | 2009-08-12 | 2026-04-23 |
| CVE-2008-6940 | TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | [email protected] | 7.5 | 7.21% | 2009-08-12 | 2026-04-23 |
| CVE-2008-6939 | TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | [email protected] | 7.5 | 4.02% | 2009-08-12 | 2026-04-23 |
| CVE-2008-6723 | TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | [email protected] | 7.5 | 2.76% | 2009-04-14 | 2026-04-23 |
| CVE-2008-6351 | Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter. | [email protected] | 4.3 | 3.64% | 2009-03-02 | 2026-04-23 |
| CVE-2008-6350 | SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter. | [email protected] | 7.5 | 0.48% | 2009-03-02 | 2026-04-23 |
| CVE-2008-6349 | SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.48% | 2009-03-02 | 2026-04-23 |
| CVE-2008-6302 | TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | [email protected] | 7.5 | 2.37% | 2009-02-26 | 2026-04-23 |
| CVE-2008-5487 | Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. | [email protected] | 4.3 | 3.18% | 2008-12-12 | 2026-04-23 |
| CVE-2008-5486 | SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.42% | 2008-12-12 | 2026-04-23 |