← Back

China On Site

china-on-site

9 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Flexphpnews
flexphpnews
2 CVEs
Flexphplink
flexphplink
2 CVEs
Flexphpdirectory
flexphpdirectory
2 CVEs
Flexphpic
flexphpic
1 CVE
Flexphpsite
flexphpsite
1 CVE
Flexcustomer0.0.6
flexcustomer0.0.6
1 CVE

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-6761
1China On Site
1Flexcustomer0.0.6
Apr 23, 2026
Apr 28, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field)....Show more
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.Show less
CVE-2008-6750
1China On Site
1Flexphpdirectory
Apr 23, 2026
Apr 24, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to th...Show more
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.Show less
CVE-2008-6749
1China On Site
1Flexphpdirectory
Apr 23, 2026
Apr 24, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass...Show more
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.Show less
CVE-2008-6731
1China On Site
1Flexphplink
Apr 23, 2026
Apr 20, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct req...Show more
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.Show less
CVE-2008-6730
1China On Site
1Flexphplink
Apr 23, 2026
Apr 20, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser paramete...Show more
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.Show less
CVE-2008-6241
1China On Site
1Flexphpsite
Apr 23, 2026
Feb 23, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (a...Show more
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.Show less
CVE-2008-6142
1China On Site
1Flexphpic
Apr 23, 2026
Feb 16, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter...Show more
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.Show less
CVE-2008-5927
1China On Site
1Flexphpnews
Apr 23, 2026
Jan 21, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter...Show more
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.Show less
CVE-2005-1237
1China On Site
1Flexphpnews
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.