phpprofiles 相關的公開 CVE 漏洞與安全風險資訊,提供 CVSS、EPSS、公開時間與漏洞情報資料,協助評估潛在風險與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2008-1051 | PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | [email protected] | 6.8 | 19.58% | 2008-02-27 | 2026-06-16 |
| CVE-2006-6744 | phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | [email protected] | 2.1 | 0.44% | 2006-12-26 | 2026-06-16 |
| CVE-2006-6743 | phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | [email protected] | 4.6 | 0.30% | 2006-12-26 | 2026-06-16 |
| CVE-2006-6740 | Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commre | [email protected] | 7.5 | 9.10% | 2006-12-26 | 2026-06-16 |
| CVE-2006-5634 | Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | [email protected] | 6.8 | 6.07% | 2006-10-31 | 2026-06-16 |