GCVE - cpe:2.3:a:accomplishtechnology:phpmydirectory:1.3.0:b:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:accomplishtechnology:phpmydirectory:1.3.0:b:*:*:*:*:*:*

part: a version: 1.3.0 update: b

Vendor	Accomplishtechnology (`3ecc4802-d4d1-5dcf-aeab-9e334d03e806`)
Product	Phpmydirectory (`bb0117a7-86e3-57cf-b062-042aef2eacb9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/bjohnson045/phpmydirectory`	purl2cpe	2026-06-01 10:16:05.050096

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-4756`	vulnerable	2026-06-03 14:27:43.780309	Details available SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Published: 2006-09-13T22:00:00.000Z Updated: 2024-08-07T19:23:41.001Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21875 http://www.vupen.com/english/advisories/2006/3562	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4755`	vulnerable	2026-06-03 14:27:43.774306	Details available Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Published: 2006-09-13T22:00:00.000Z Updated: 2024-08-07T19:23:41.094Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21875 http://www.vupen.com/english/advisories/2006/3562	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3138`	vulnerable	2026-06-03 14:27:34.141454	Details available Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php. Published: 2006-06-22T22:00:00.000Z Updated: 2024-08-07T18:16:06.141Z Open on db.gcve.eu Reference links http://www.osvdb.org/26671 http://www.vupen.com/english/advisories/2006/2427 http://pridels0.blogspot.com/2006/06/phpmydirectory-xss-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27211 http://www.securityfocus.com/bid/18539	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2521`	vulnerable	2026-06-03 14:27:32.546474	Details available PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. Published: 2006-05-22T22:00:00.000Z Updated: 2024-08-07T17:51:04.778Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/1896 http://secunia.com/advisories/20209 https://exchange.xforce.ibmcloud.com/vulnerabilities/26625 https://www.exploit-db.com/exploits/1808	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Accomplish Technology, LLC phpMyDirectory 1.3.0b (beta)

PURL mappings

Vulnerability references

Contribute