Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Dynpg Security Vulnerabilities

cve
cve

CVE-2010-1299

Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot paramet...

7.9AI Score

0.052EPSS

2010-04-07 06:30 PM
22
2
cve
cve

CVE-2010-4399

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party ...

6.9AI Score

0.038EPSS

2010-12-06 01:37 PM
30
2
cve
cve

CVE-2010-4400

SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

8.7AI Score

0.004EPSS

2010-12-06 01:37 PM
23
2
cve
cve

CVE-2010-4401

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

6.3AI Score

0.005EPSS

2010-12-06 01:37 PM
21
2
cve
cve

CVE-2020-27406

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.

5.4CVSS

5.4AI Score

0.001EPSS

2021-11-02 11:15 AM
20
cve
cve

CVE-2021-27526

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
25
cve
cve

CVE-2021-27527

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
20
2
cve
cve

CVE-2021-27528

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
27
2
cve
cve

CVE-2021-27529

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
26
2
cve
cve

CVE-2021-27530

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
25
2
cve
cve

CVE-2021-27531

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2021-03-23 02:15 PM
29
2