Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-10056 | 1 Shawn Bradley | 1 Php Volunteer Management | 2026-07-15 | N/A |
| PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request. | ||||
| CVE-2012-6504 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | N/A |
| SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-6505 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
Page 1 of 1.