Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-10056 1 Shawn Bradley 1 Php Volunteer Management 2026-07-15 N/A
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
CVE-2012-6504 1 Shawn Bradley 1 Php Volunteer Management 2025-04-11 N/A
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-6505 1 Shawn Bradley 1 Php Volunteer Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.