162 matches found

Prion
added 2008/05/06 3:20 p.m. | 17 views

Sql injection

SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php...

CVSS 7.5 | AI score 9.1 | EPSS 0.00967
Exploits 1 | References 4 | Affected Software 1
NVD
added 2008/05/06 3:20 p.m. | 18 views

CVE-2008-2088

SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php...

CVSS 7.5 | AI score 8.4 | EPSS 0.00967
Exploits 1 | References 4
Prion
added 2007/12/28 12:46 a.m. | 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image...

CVSS 4.3 | AI score 6.2 | EPSS 0.04111
Exploits 1 | References 11 | Affected Software 1
NVD
added 2007/12/28 12:46 a.m. | 21 views

CVE-2007-6545

Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image...

CVSS 4.3 | AI score 5.9 | EPSS 0.04111
Exploits 1 | References 11
Prion
added 2007/08/08 11:17 p.m. | 13 views

Sql injection

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

CVSS 7.5 | AI score 8.7 | EPSS 0.01136
Exploits 1 | References 4 | Affected Software 1
NVD
added 2007/08/08 11:17 p.m. | 22 views

CVE-2007-4253

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

CVSS 7.5 | AI score 8.1 | EPSS 0.01029
Exploits 0 | References 4
Cvelist
added 2007/08/08 11:0 p.m. | 29 views

CVE-2007-4253

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263...

AI score 8.1 | EPSS 0.01029
Exploits 0 | References 4
CVE
added 2007/08/08 11:0 p.m. | 55 views

CVE-2007-4253

CVE-2007-4253 affects Envolution (News module, pages.php) with a SQL injection vulnerability exposed via the topic parameter in News 1.1.0 and earlier. The root cause is unsafely constructed SQL leading to arbitrary SQL execution by remote attackers. Connected documents confirm the same vulnerabi...

CVSS 7.5 | AI score 8.2 | EPSS 0.01029
Exploits 0 | References 4 | Affected Software 1
NVD
added 2007/07/17 12:30 a.m. | 22 views

CVE-2007-3814

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the deleteurlo function in (a) index.php in the urlobox module; the iden field in the (2) updatefile and (3) delfile functions in (b) index.php in the reviews module...

CVSS 7.5 | AI score 8.5 | EPSS 0.02126
Exploits 0 | References 11
CVE
added 2007/07/17 12:0 a.m. | 56 views

CVE-2007-3814

CVE-2007-3814 documents multiple SQL injection vulnerabilities in MKPortal 1.1.1 that allow remote attackers to execute arbitrary SQL commands through numerous parameters in index.php across several modules (urlobox, reviews, news, gallery, downloads), including idurlo, iden, idnews, idcomm, ide,...

CVSS 7.5 | AI score 8.5 | EPSS 0.02126
Exploits 0 | References 11 | Affected Software 1
Prion
added 2007/03/14 6:19 p.m. | 21 views

Sql injection

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

CVSS 7.5 | AI score 9 | EPSS 0.01001
Exploits 0 | References 2 | Affected Software 1
NVD
added 2007/03/14 6:19 p.m. | 23 views

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

CVSS 7.5 | AI score 8.4 | EPSS 0.01001
Exploits 0 | References 2
Cvelist
added 2007/03/14 6:0 p.m. | 24 views

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

AI score 8.4 | EPSS 0.01001
Exploits 0 | References 2
CVE
added 2006/12/01 1:0 a.m. | 42 views

CVE-2006-6200

The CVE-2006-6200 entry describes multiple SQL injection vulnerabilities in the News module of PHP-Nuke (version 7.9 and earlier). Specifically, the rate_article and rate_complete functions in modules/News/index.php are affected when magic_quotes_gpc is disabled, allowing remote attackers to exec...

CVSS 7.5 | AI score 8.9 | EPSS 0.03301
Exploits 1 | References 8 | Affected Software 1
seebug.org
added 2006/11/29 12:0 a.m. | 17 views

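PHP-Nuke News Module Index.PHP SQL Injection Vulnerability

PHP-Nuke News is a news module based on PHP-Nuke. PHP-Nuke News does not sufficiently filter user-supplied URI input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of the user-supplied 'sid' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4...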

AI score 7.1
Exploits 0
securityvulns
added 2006/11/25 12:0 a.m. | 51 views

PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities

Neo Security Team NST - Advisory 30 - 2006-11-24 | Program: PHP-Nuke | Homepage: http://www.phpnuke.org | Vulnerable Versions: PHP-Nuke = 7.9 | Risk: Medium | Impact: Medium Risk | -==PHP-Nuke ...

AI score 8.4
Exploits 0
securityvulns
added 2006/04/19 12:0 a.m. | 24 views

CuteNews 1.4.1 <= Cross Site Scripting

CuteNews 1.4.1 = Cross Site Scripting | Advisory by: LoK-Crew Snake23 - Exploit: http://www.example.com/index.php?mod=editnews&action=editnews&id=1145397112&source=XSS - Googledork: Powered by CuteNews 1.4.1 + Greetz to: PHCN +...

AI score 0.4
Exploits 0
NVD
added 2006/03/07 11:2 a.m. | 26 views

CVE-2006-1033

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...

CVSS 4.3 | AI score 5.8 | EPSS 0.01901
Exploits 1 | References 6
Cvelist
added 2006/03/07 11:0 a.m. | 27 views

CVE-2006-1033

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...

AI score 5.8 | EPSS 0.01901
Exploits 1 | References 6
Exploit DB
added 2006/02/22 12:0 a.m. | 46 views

Dragonfly CMS 9.0.6 1 News Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

AI score 7.4
Exploits 0