Vulnerabilities (CVE)

Filtered by vendor Connectix Subscribe
Filtered by product Connectix Boards
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1254 1 Connectix 1 Connectix Boards 2024-02-04 6.5 MEDIUM N/A
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
CVE-2007-1255 1 Connectix 1 Connectix Boards 2024-02-04 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
CVE-2008-0502 1 Connectix 1 Connectix Boards 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.