53 matches found
CVE-2012-1665
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow 1 remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or 2 remote administrators to execute arbitrary SQL commands via the status parameter to...
CVE-2012-6691
Multiple cross-site request forgery CSRF vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 status parameter to admin/statsmonthlysales.php or 2 country parameter...
CVE-2015-2250
Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...
CVE-2012-1672
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...
Sql injection
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...
CVE-2012-1672
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...
CVE-2009-0424
Cross-site scripting XSS vulnerability in sign1.php in AN Guestbook ANG before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in 1 administrator/manage.php or 2 administrator/trash.php. NOTE: some of these details are...
Sql injection
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter...
CVE-2008-1715
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter...
Sql injection
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected...
CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the 1 country and 2 sortby parameters in a searchresults.php; 3 browse parameter in b featuredphotos.php; 4 cid parameter in c products.php, d index.php, and e newsdesc.php...
CVE-2005-2985
SQL injection vulnerability in searchresult.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter...
CVE-2005-0995
Multiple cross-site scripting XSS vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter to advSearchh.asp, 2 the redirectUrl parameter to NewCust.asp, 3 the country parameter to storelocatorsubmit.asp, or 4 the error parameter...