Every CVE whose affected-product data names Lifetype, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2006-2857 — CVSS 7.5 (high): SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId…
CVE-2006-3577 — CVSS 7.5 (high): SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter…
CVE-2008-2629 — CVSS 7.5 (high): SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via…
CVE-2007-0979 — CVSS 5.0 (medium): Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file…
CVE-2011-3751 — CVSS 5.0 (medium): LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2006-1809 — CVSS 5.0 (medium): index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path…
CVE-2006-6112 — CVSS 5.0 (medium): LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote…
CVE-2008-2196 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2008-2178 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-1808 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via…