6 matches found
Open redirect
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter...
CVE-2012-1022
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the catparentid parameter in an addcat action...
CVE-2012-1023
The CVE-2012-1023 entry concerns an Open Redirect vulnerability in 4images 1.7.10, specifically in admin/index.php where an attacker can abuse the redirect parameter to send users to arbitrary sites, enabling phishing-like redirection. Connected sources confirm the affected product (4images 1.7.1...
CVE-2012-1021
CVE-2012-1021 concerns a Cross-site Scripting (XSS) vulnerability in 4images 1.7.10, specifically in admin/categories.php. The issue allows remote attackers to inject arbitrary web script/HTML via the cat_parent_id parameter in the addcat action. Affected software is 4images, version 1.7.10; the ...
CVE-2012-1022
CVE-2012-1022 affects 4images 1.7.10: SQL injection in admin/categories.php, exploitable via the cat_parent_id parameter in an addcat action. Remote attackers can execute arbitrary SQL commands. The available sources confirm the vulnerability and affected component, but the documents do not provi...
4Images 1.7.10 - '/admin/index.php?redirect' Arbitrary Site Redirect
source: https://www.securityfocus.com/bid/51774/info 4images is prone to multiple input-validation vulnerabilities including: 1. A cross-site scripting vulnerability. 2. An open-redirection vulnerability. 3. An SQL-injection vulnerability. An attacker may leverage these issues to perform spoofing...