Vulnerabilities (CVE)

Filtered by vendor Pvpgn Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18291 1 Pvpgn 1 Stats 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.
CVE-2017-18290 1 Pvpgn 1 Stats 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.
CVE-2017-18289 1 Pvpgn 1 Stats 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.
CVE-2017-18288 1 Pvpgn 1 Stats 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
CVE-2017-18287 1 Pvpgn 1 Stats 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.
CVE-2008-5370 1 Pvpgn 1 Pvpgn 2024-11-21 6.9 MEDIUM N/A
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
CVE-2004-2705 1 Pvpgn 1 Pvpgn 2024-11-20 5.0 MEDIUM N/A
Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.