Codeworx Technologies Dcp-portal — known CVE vulnerabilities
Every CVE whose affected-product data names Codeworx Technologies Dcp-portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2005-0454 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the…
CVE-2006-4837 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in…
CVE-2005-3365 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly…
CVE-2002-0281 — CVSS 5.1 (medium): Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by…
CVE-2006-4836 — CVSS 5.1 (medium): SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username…
CVE-2002-0282 — CVSS 5.0 (medium): DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or…
CVE-2004-2511 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script…
CVE-2006-0220 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script…
CVE-2006-4838 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2004-2512 — CVSS 4.3 (medium): CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting…
CVE-2006-1120 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers…