Vulnerabilities (CVE)

Filtered by vendor Turnkeyforms Subscribe
Filtered by product Web Hosting Directory
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6941 1 Turnkeyforms 1 Web Hosting Directory 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2008-6940 1 Turnkeyforms 1 Web Hosting Directory 2024-11-21 7.5 HIGH N/A
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
CVE-2008-6939 1 Turnkeyforms 1 Web Hosting Directory 2024-11-21 7.5 HIGH N/A
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.