SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
8.8AI Score
0.002EPSS
SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
8.3AI Score
0.005EPSS
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.
6.4AI Score
0.004EPSS