Vulnerabilities (CVE)

Filtered by vendor Centipaid Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6975 1 Centipaid 1 Centipaid 2024-08-07 5.1 MEDIUM N/A
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.
CVE-2006-6976 1 Centipaid 1 Centipaid 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.