Comdev

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-6368 1Comdev 1Jomestate Pro Nov 21, 2024 Feb 17, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
CVE-2008-6250 1Comdev 1Comdev Web Blogger Apr 23, 2026 Feb 23, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2008-1872 1Comdev 1Comdev News Publisher Apr 23, 2026 Apr 17, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party...Show more SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-3084 1Comdev 1Comdev Web Blogger Apr 23, 2026 Jun 6, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441...Show more PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.Show less
CVE-2007-3081 1Comdev 1Comdev Ecommerce Apr 23, 2026 Jun 6, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2007-2422 1Comdev 1Modules Builder Apr 23, 2026 May 2, 2007 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.ph...Show more Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname stringShow less
CVE-2006-6045 1Comdev 1Comdev One Admin Pro Apr 23, 2026 Nov 22, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) ad...Show more Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.Show less
CVE-2006-5441 1Comdev 1Comdev Web Blogger Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE:...Show more PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-5440 1Comdev 1Comdev Form Designer Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOT...Show more PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-5439 1Comdev 1Comdev Misc Tools Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE:...Show more PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-5438 1Comdev 1Comdev Forum Apr 23, 2026 Oct 20, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the p...Show more PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.Show less
CVE-2006-5101 1Comdev 1Comdev Csv Importer Apr 23, 2026 Oct 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ...Show more PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.Show less
CVE-2005-3825 1Comdev 1Comdev Vote Caster Apr 16, 2026 Nov 26, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
CVE-2005-2544 1Comdev 1Comdev Ecommerce Apr 16, 2026 Aug 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
CVE-2005-2543 1Comdev 1Comdev Ecommerce Apr 16, 2026 Aug 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.
CVE-2005-2138 1Comdev 1Comdev Ecommerce Apr 16, 2026 Jul 5, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review messa...Show more Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.Show less