← Back

Apphp

apphp

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Php Microcms
php_microcms
2 CVEs
Apphp Calendar
apphp_calendar
2 CVEs
Hotel Site
hotel_site
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-4713
1Apphp
1Hotel Site
May 6, 2026
Jun 22, 2015
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2010-4881
1Apphp
1Apphp Calendar
Apr 29, 2026
Oct 7, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) cate...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.Show less
CVE-2010-4880
1Apphp
1Apphp Calendar
Apr 29, 2026
Oct 7, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (...Show more
Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.Show less
CVE-2010-3481
1Apphp
1Php Microcms
Apr 29, 2026
Sep 22, 2010
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variable...Show more
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.Show less
CVE-2010-3480
1Apphp
1Php Microcms
Apr 29, 2026
Sep 22, 2010
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter...Show more
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.Show less