Vulnerabilities (CVE)

Filtered by vendor Shoutpro Subscribe
Filtered by product Shoutpro
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2141 1 Shoutpro 1 Shoutpro 2024-11-21 7.5 HIGH N/A
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.
CVE-2006-7047 1 Shoutpro 1 Shoutpro 2024-11-21 5.0 MEDIUM N/A
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.