CVE Tools

w-agora

Web & CMS Pluginscommercial

14

Cumulative CVEs

4

Monthly snapshots

#14

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting w-agora.

CVE-2010-4868Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.4.3Oct 5, 2011
CVE-2010-4867Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn para...7.5Oct 5, 2011
CVE-2008-1466Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_foru...7.5Mar 24, 2008
CVE-2007-6647SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.7.5Jan 4, 2008
CVE-2007-1607search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_u...5.0Mar 22, 2007
CVE-2007-1606Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) searc...4.3Mar 22, 2007
CVE-2007-1605w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4...5.0Mar 22, 2007
CVE-2007-1604Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stor...7.5Mar 22, 2007
CVE-2007-0606w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which...5.0Mar 21, 2007
CVE-2007-0607W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application pat...4.3Mar 20, 2007
CVE-2006-2228Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript even...4.3May 5, 2006
CVE-2002-2129Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is e...4.3Nov 16, 2005
CVE-2002-2128editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.4.6Nov 16, 2005
CVE-2005-2648Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.5.0Aug 21, 2005
CVE-2002-1878PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.5.0Jun 28, 2005