Projectpier

projectpier

Vendor: Projectpier • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-3637 1Projectpier 1Projectpier Nov 21, 2024 Feb 7, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 ProjectPier 0.8.8 does not use the Secure flag for cookies
CVE-2013-3636 1Projectpier 1Projectpier Nov 21, 2024 Feb 7, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag
CVE-2013-3635 1Projectpier 1Projectpier Nov 21, 2024 Feb 7, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 ProjectPier 0.8.8 has stored XSS
CVE-2018-10760 1Projectpier 1Projectpier Nov 21, 2024 May 16, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing...Show more Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.Show less
CVE-2018-10759 1Projectpier 1Projectpier Nov 21, 2024 May 16, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.
CVE-2015-2796 1Projectpier 1Projectpier Nov 21, 2024 Feb 2, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contact...Show more Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.Show less
CVE-2011-3797 1Projectpier 1Projectpier Apr 29, 2026 Sep 24, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout...Show more ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.Show less
CVE-2008-5584 1Projectpier 1Projectpier Apr 23, 2026 Dec 15, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or...Show more Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.Show less
CVE-2008-5583 1Projectpier 1Projectpier Apr 23, 2026 Dec 15, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.