Lucene search

Tutorialcms Security Vulnerabilities

cve

CVE-2007-2599

Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e...

8.5AI Score

0.008EPSS

2007-05-11 10:19 AM

cve

CVE-2007-2600

Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) t...

5.8AI Score

0.04EPSS

2007-05-11 10:19 AM

cve

CVE-2007-2822

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

7AI Score

0.044EPSS

2007-05-22 09:30 PM

cve

CVE-2008-0254

SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.

8.4AI Score

0.001EPSS

2008-01-15 08:00 PM