Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

powie

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

14
Related CVEsRelated ProductsRelated AssignersReports
14Vulnerabilities found
CVE-2012-6524
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-31 Jan, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-pgbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-1211
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.19% / 83.72%
||
7 Day CHG~0.00%
Published-20 Feb, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.

Action-Not Available
Vendor-powien/a
Product-pfilen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1210
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.19%
||
7 Day CHG~0.00%
Published-20 Feb, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-pfilen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5269
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-28 Nov, 2008 | 18:26
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.

Action-Not Available
Vendor-powien/a
Product-psysn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4347
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Action-Not Available
Vendor-powien/a
Product-pnewsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4355
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.66%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-pforumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4357
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.87%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-plinkn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3131
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.69%
||
7 Day CHG+0.16%
Published-10 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.

Action-Not Available
Vendor-powien/a
Product-psysn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2673
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.51%
||
7 Day CHG~0.00%
Published-12 Jun, 2008 | 10:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.

Action-Not Available
Vendor-powien/a
Product-pnewsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6039
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.55%
||
7 Day CHG~0.00%
Published-22 Nov, 2006 | 00:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.

Action-Not Available
Vendor-powien/a
Product-php_matchmakern/a
CVE-2006-6038
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2006 | 00:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-powien/a
Product-pforumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2004-1716
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.72% / 91.57%
||
7 Day CHG~0.00%
Published-26 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.

Action-Not Available
Vendor-powien/a
Product-pforumn/a
CVE-2002-0287
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.69% / 70.86%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.

Action-Not Available
Vendor-powien/a
Product-pforumn/a
CVE-2002-0319
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.22% / 91.89%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.

Action-Not Available
Vendor-powien/a
Product-pforumn/a