Phprofession CVE

Filtered by vendor Phprofession Subscribe

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2004-1953	1 Phprofession	1 Phprofession	2025-04-03	5.0 MEDIUM	N/A
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
CVE-2004-1955	1 Phprofession	1 Phprofession	2025-04-03	7.5 HIGH	N/A
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.
CVE-2004-1954	1 Phprofession	1 Phprofession	2025-04-03	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.

Vulnerabilities (CVE)