6 matches found
Directory traversal
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...
Sql injection
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action...
CVE-2008-6454
The CVE-2008-6454 entry concerns a SQL injection in 6rbScript 3.3, exploitable via the singerid parameter in the singers action (section.php). The vulnerability is caused by unsafely constructed SQL queries, enabling remote attackers to execute arbitrary SQL commands. Public references (e.g., Exp...
CVE-2008-6453
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...
CVE-2008-6453
CVE-2008-6453 affects 6rbScript 3.3. A directory traversal flaw in section.php can be exploited when magic_quotes_gpc is disabled to read arbitrary files by supplying a double-dot (.. ) in the name parameter. The NVD entry notes a remote-access vector with MEDIUM severity (CVSS v2: AV:N/AC:M/Au:N...
CVE-2008-6454
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action...